sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-28 20:43:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

Updated packaging scripts, site and finalized the documentation to release version 0.6.4

Browse Source
This commit is contained in:
Bernardo Damele 2009-02-03 15:38:40 +00:00
parent 770e000cb4
commit b12d955274
5 changed files with 37 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/ChangeLog
View File

@ -27,7 +27,7 @@ sqlmap (0.6.4-1) stable; urgency=low
provided; provided;
* Updated documentation. * Updated documentation.
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Day, DD MMM 2009 10:00:00 +0000 -- Bernardo Damele A. G. <bernardo.damele@gmail.com> Tue, 3 Feb 2009 23:30:00 +0000
sqlmap (0.6.3-1) stable; urgency=low sqlmap (0.6.3-1) stable; urgency=low

21
doc/README.html
View File

@ -8,7 +8,7 @@
<H1>sqlmap user's manual</H1> <H1>sqlmap user's manual</H1>
<H2>by <H2>by
<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A></H2>version 0.6.4, DDth of MMM 2009 <A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A></H2>version 0.6.4, 3rd of February 2009
<HR> <HR>
<EM>This document is the user's manual to use <EM>This document is the user's manual to use
<A HREF="http://sqlmap.sourceforge.net">sqlmap</A>. <A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.
@ -3801,7 +3801,8 @@ back-end DBMS: PostgreSQL
sql> SELECT COUNT(name) FROM users sql> SELECT COUNT(name) FROM users
[10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' [10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
[10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n [10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users [10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
FROM users
[10:11:59] [INFO] retrieved: 4 [10:11:59] [INFO] retrieved: 4
[10:11:59] [INFO] performed 13 queries in 0 seconds [10:11:59] [INFO] performed 13 queries in 0 seconds
SELECT COUNT(name) FROM users: '4' SELECT COUNT(name) FROM users: '4'
@ -3809,12 +3810,14 @@ SELECT COUNT(name) FROM users: '4'
sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell'); sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');
[10:12:35] [INFO] testing stacked queries support on parameter 'id' [10:12:35] [INFO] testing stacked queries support on parameter 'id'
[10:12:40] [INFO] the web application supports stacked queries on parameter 'id' [10:12:40] [INFO] the web application supports stacked queries on parameter 'id'
[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');' [10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname)
VALUES (5, 'from', 'sql shell');'
[10:12:40] [INFO] done [10:12:40] [INFO] done
sql> SELECT COUNT(name) FROM users sql> SELECT COUNT(name) FROM users
[10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' [10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
[10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n [10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users [10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
FROM users
[10:12:53] [INFO] retrieved: 5 [10:12:53] [INFO] retrieved: 5
[10:12:54] [INFO] performed 20 queries in 0 seconds [10:12:54] [INFO] performed 20 queries in 0 seconds
SELECT COUNT(name) FROM users: '5' SELECT COUNT(name) FROM users: '5'
@ -3822,7 +3825,15 @@ SELECT COUNT(name) FROM users: '5'
</CODE></BLOCKQUOTE> </CODE></BLOCKQUOTE>
</P> </P>
<P>TODO</P> <P>As you can see from this last example, when the user provides a SQL
statement other than <CODE>SELECT</CODE>, sqlmap recognizes it, tests if the
web application supports stacked queries and in case it does, it executes
the provided SQL statement in a multiple statement.</P>
<P>Beware that some web application technologies do not support stacked
queries on specific database management systems. For instance, PHP does not
support stacked queries when the back-end DBMS is MySQL, but it does
support when the back-end DBMS is PostgreSQL.</P>
<H2><A NAME="ss5.8">5.8</A> <A HREF="#toc5.8">File system access</A> <H2><A NAME="ss5.8">5.8</A> <A HREF="#toc5.8">File system access</A>

BIN
doc/README.pdf
View File

Binary file not shown.

22
doc/README.sgml
View File

@ -4,7 +4,7 @@
<title>sqlmap user's manual <title>sqlmap user's manual
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G."> <author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">
<date>version 0.6.4, DDth of MMM 2009 <date>version 0.6.4, 3rd of February 2009
<abstract> <abstract>
This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">. This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage"> Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage">
@ -3698,7 +3698,8 @@ back-end DBMS: PostgreSQL
sql> SELECT COUNT(name) FROM users sql> SELECT COUNT(name) FROM users
[10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' [10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
[10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n [10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users [10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
FROM users
[10:11:59] [INFO] retrieved: 4 [10:11:59] [INFO] retrieved: 4
[10:11:59] [INFO] performed 13 queries in 0 seconds [10:11:59] [INFO] performed 13 queries in 0 seconds
SELECT COUNT(name) FROM users: '4' SELECT COUNT(name) FROM users: '4'
@ -3706,19 +3707,30 @@ SELECT COUNT(name) FROM users: '4'
sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell'); sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');
[10:12:35] [INFO] testing stacked queries support on parameter 'id' [10:12:35] [INFO] testing stacked queries support on parameter 'id'
[10:12:40] [INFO] the web application supports stacked queries on parameter 'id' [10:12:40] [INFO] the web application supports stacked queries on parameter 'id'
[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');' [10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname)
VALUES (5, 'from', 'sql shell');'
[10:12:40] [INFO] done [10:12:40] [INFO] done
sql> SELECT COUNT(name) FROM users sql> SELECT COUNT(name) FROM users
[10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' [10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
[10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n [10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users [10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
FROM users
[10:12:53] [INFO] retrieved: 5 [10:12:53] [INFO] retrieved: 5
[10:12:54] [INFO] performed 20 queries in 0 seconds [10:12:54] [INFO] performed 20 queries in 0 seconds
SELECT COUNT(name) FROM users: '5' SELECT COUNT(name) FROM users: '5'
</verb></tscreen> </verb></tscreen>
<p> <p>
TODO As you can see from this last example, when the user provides a SQL
statement other than <tt>SELECT</tt>, sqlmap recognizes it, tests if the
web application supports stacked queries and in case it does, it executes
the provided SQL statement in a multiple statement.
<p>
Beware that some web application technologies do not support stacked
queries on specific database management systems. For instance, PHP does not
support stacked queries when the back-end DBMS is MySQL, but it does
support when the back-end DBMS is PostgreSQL.
<sect1>File system access <sect1>File system access

2
lib/core/settings.py
View File

@ -30,7 +30,7 @@ import sys
# sqlmap version and site # sqlmap version and site
VERSION = "0.6.4-rc6" VERSION = "0.6.4"
VERSION_STRING = "sqlmap/%s" % VERSION VERSION_STRING = "sqlmap/%s" % VERSION
SITE = "http://sqlmap.sourceforge.net" SITE = "http://sqlmap.sourceforge.net"