mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
More updates to user's manual
parent
be11e2535e
commit
d305183447
|
@ -937,7 +937,7 @@ Options:
|
||||||
These options can be used to tweak testing of specific SQL injection
|
These options can be used to tweak testing of specific SQL injection
|
||||||
techniques.
|
techniques.
|
||||||
|
|
||||||
--technique=TECH SQL injection techniques to test for (default all)
|
--technique=TECH SQL injection techniques to test for (default BEUST)
|
||||||
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
|
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
|
||||||
--union-cols=UCOLS Range of columns to test for UNION query SQL injection
|
--union-cols=UCOLS Range of columns to test for UNION query SQL injection
|
||||||
--union-char=UCHAR Character to use for bruteforcing number of columns
|
--union-char=UCHAR Character to use for bruteforcing number of columns
|
||||||
|
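Review bot: the new default in the `--technique` help line, `(default BEUST)`, is a string of letter codes that the surrounding help text never expands, so a reader of the options listing cannot tell which techniques the five letters stand for. Either list the letter meanings in this help entry or point to the manual section that defines them.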
@ -1844,14 +1844,31 @@ By default delay is set to <B>5 seconds</B>.</P>
|
||||||
|
|
||||||
<P>Switch: <CODE>-</CODE><CODE>-union-cols</CODE></P>
|
<P>Switch: <CODE>-</CODE><CODE>-union-cols</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>By default sqlmap tests for UNION query SQL injection technique using 1 to
|
||||||
|
10 columns. However, this range can be increased up to 50 columns by
|
||||||
|
providing an higher <CODE>-</CODE>-<CODE>level</CODE> value. See the relevant
|
||||||
|
paragraph for details.</P>
|
||||||
|
|
||||||
|
<P>You can manually tell sqlmap to test for this type of SQL injection with a
|
||||||
|
specific range of columns by providing the tool with the
|
||||||
|
<CODE>-</CODE><CODE>-union-cols</CODE> switch followed by a range of integers. For
|
||||||
|
instance, <CODE>12-16</CODE> means tests for UNION query SQL injection by
|
||||||
|
using 12 up to 16 columns.</P>
|
||||||
|
|
||||||
|
|
||||||
<H3>Character to use to test for UNION query SQL injection</H3>
|
<H3>Character to use to test for UNION query SQL injection</H3>
|
||||||
|
|
||||||
<P>Switch: <CODE>-</CODE><CODE>-union-char</CODE></P>
|
<P>Switch: <CODE>-</CODE><CODE>-union-char</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>By default sqlmap tests for UNION query SQL injection technique using
|
||||||
|
<CODE>NULL</CODE> character. However, by providing an higher
|
||||||
|
<CODE>-</CODE>-<CODE>level</CODE> value sqlmap will performs tests also with a
|
||||||
|
random number because there are some corner cases where UNION query tests
|
||||||
|
with <CODE>NULL</CODE> fail whereas with a random integer they succeed.</P>
|
||||||
|
|
||||||
|
<P>You can manually tell sqlmap to test for this type of SQL injection with a
|
||||||
|
specific character by providing the tool with the
|
||||||
|
<CODE>-</CODE><CODE>-union-char</CODE> switch followed by a string.</P>
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss5.8">5.8</A> <A HREF="#toc5.8">Fingerprint</A>
|
<H2><A NAME="ss5.8">5.8</A> <A HREF="#toc5.8">Fingerprint</A>
|
||||||
|
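Review bot: in both added paragraphs the `--level` switch is written `<CODE>-</CODE>-<CODE>level</CODE>`, which leaves the second hyphen outside the code element, while `--union-cols` and `--union-char` in the same hunk use the form `<CODE>-</CODE><CODE>-union-cols</CODE>`. Use the second form throughout so the switch renders uniformly. While there, change "an higher" (both occurrences) to "a higher" and "will performs" to "will perform".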
@ -2279,14 +2296,60 @@ This feature provides TAB completion and history support too.</P>
|
||||||
|
|
||||||
<P>Switches: <CODE>-</CODE><CODE>-common-tables</CODE></P>
|
<P>Switches: <CODE>-</CODE><CODE>-common-tables</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>There are cases where <CODE>-</CODE>-<CODE>tables</CODE> switch can not be used to
|
||||||
|
retrieve the databases' table names. These cases usually fit into one
|
||||||
|
of the following categories:</P>
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI>The database management system is MySQL <B>< 5.0</B> where
|
||||||
|
<CODE>information_schema</CODE> is not available.</LI>
|
||||||
|
<LI>The database management system is Microsoft Access where there TODO.</LI>
|
||||||
|
<LI>The session user does not have read privileges against the system
|
||||||
|
table storing the scheme of the databases.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<P>If any of the first two cases apply and you provided the
|
||||||
|
<CODE>-</CODE>-<CODE>tables</CODE> switch, sqlmap will prompt you with a question
|
||||||
|
to fall back to this technique.
|
||||||
|
Either of these cases apply to your situation, sqlmap can possibly still
|
||||||
|
identify some existing tables if you provide it with the
|
||||||
|
<CODE>-</CODE><CODE>-common-tables</CODE> switch. sqlmap will perform a
|
||||||
|
brute-force attack in order to detect the existence of common tables
|
||||||
|
across the DBMS.</P>
|
||||||
|
|
||||||
|
<P>The list of common table names is <CODE>txt/common-tables.txt</CODE> and you
|
||||||
|
can edit it as you wish.</P>
|
||||||
|
|
||||||
|
|
||||||
<H3>Brute force columns names</H3>
|
<H3>Brute force columns names</H3>
|
||||||
|
|
||||||
<P>Switches: <CODE>-</CODE><CODE>-common-columns</CODE></P>
|
<P>Switches: <CODE>-</CODE><CODE>-common-columns</CODE></P>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>As per tables, there are cases where <CODE>-</CODE>-<CODE>columns</CODE> switch
|
||||||
|
can not be used to retrieve the databases' tables' column names. These
|
||||||
|
cases usually fit into one of the following categories:</P>
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI>The database management system is MySQL <B>< 5.0</B> where
|
||||||
|
<CODE>information_schema</CODE> is not available.</LI>
|
||||||
|
<LI>The database management system is Microsoft Access where there TODO.</LI>
|
||||||
|
<LI>The session user does not have read privileges against the system
|
||||||
|
table storing the scheme of the databases.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<P>If any of the first two cases apply and you provided the
|
||||||
|
<CODE>-</CODE>-<CODE>columns</CODE> switch, sqlmap will prompt you with a question
|
||||||
|
to fall back to this technique.
|
||||||
|
Either of these cases apply to your situation, sqlmap can possibly still
|
||||||
|
identify some existing tables if you provide it with the
|
||||||
|
<CODE>-</CODE><CODE>-common-columns</CODE> switch. sqlmap will perform a
|
||||||
|
brute-force attack in order to detect the existence of common columns
|
||||||
|
across the DBMS.</P>
|
||||||
|
|
||||||
|
<P>The list of common table names is <CODE>txt/common-columns.txt</CODE> and you
|
||||||
|
can edit it as you wish.</P>
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss5.11">5.11</A> <A HREF="#toc5.11">User-defined function injection</A>
|
<H2><A NAME="ss5.11">5.11</A> <A HREF="#toc5.11">User-defined function injection</A>
|
||||||
|
|
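Review bot: the second list item in both the `--common-tables` and `--common-columns` sections is committed as "The database management system is Microsoft Access where there TODO.", so an unfinished sentence replaces the removed `<P>TODO</P>`. The following paragraph ("If any of the first two cases apply") depends on that item, so complete the reason for Microsoft Access or drop the item until it can be stated.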
BIN
doc/README.pdf
BIN
doc/README.pdf
Binary file not shown.
|
@ -1841,7 +1841,17 @@ By default delay is set to <bf>5 seconds</bf>.
|
||||||
Switch: <tt>-</tt><tt>-union-cols</tt>
|
Switch: <tt>-</tt><tt>-union-cols</tt>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
TODO
|
By default sqlmap tests for UNION query SQL injection technique using 1 to
|
||||||
|
10 columns. However, this range can be increased up to 50 columns by
|
||||||
|
providing an higher <tt>-</tt>-<tt>level</tt> value. See the relevant
|
||||||
|
paragraph for details.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You can manually tell sqlmap to test for this type of SQL injection with a
|
||||||
|
specific range of columns by providing the tool with the
|
||||||
|
<tt>-</tt><tt>-union-cols</tt> switch followed by a range of integers. For
|
||||||
|
instance, <tt>12-16</tt> means tests for UNION query SQL injection by
|
||||||
|
using 12 up to 16 columns.
|
||||||
|
|
||||||
|
|
||||||
<sect2>Character to use to test for UNION query SQL injection
|
<sect2>Character to use to test for UNION query SQL injection
|
||||||
|
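Review bot: the added `--union-cols` paragraph says the range "can be increased up to 50 columns by providing an higher `--level` value. See the relevant paragraph for details." but gives neither the level value that widens the range nor the paragraph to read. State the level value here, or replace "the relevant paragraph" with a cross-reference to the section that documents `--level`.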
@ -1850,7 +1860,16 @@ TODO
|
||||||
Switch: <tt>-</tt><tt>-union-char</tt>
|
Switch: <tt>-</tt><tt>-union-char</tt>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
TODO
|
By default sqlmap tests for UNION query SQL injection technique using
|
||||||
|
<tt>NULL</tt> character. However, by providing an higher
|
||||||
|
<tt>-</tt>-<tt>level</tt> value sqlmap will performs tests also with a
|
||||||
|
random number because there are some corner cases where UNION query tests
|
||||||
|
with <tt>NULL</tt> fail whereas with a random integer they succeed.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You can manually tell sqlmap to test for this type of SQL injection with a
|
||||||
|
specific character by providing the tool with the
|
||||||
|
<tt>-</tt><tt>-union-char</tt> switch followed by a string.
|
||||||
|
|
||||||
|
|
||||||
<sect1>Fingerprint
|
<sect1>Fingerprint
|
||||||
|
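Review bot: the `--union-char` text calls `NULL` a "character" ("using `<tt>NULL</tt>` character"), then describes the alternative as "a random number", and finally says the switch is "followed by a string", so the three terms do not agree on what the switch accepts. Say plainly which kinds of value are valid and use one term for them throughout the paragraph.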
@ -2331,7 +2350,31 @@ These options can be used to run brute force checks.
|
||||||
Switches: <tt>-</tt><tt>-common-tables</tt>
|
Switches: <tt>-</tt><tt>-common-tables</tt>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
TODO
|
There are cases where <tt>-</tt>-<tt>tables</tt> switch can not be used to
|
||||||
|
retrieve the databases' table names. These cases usually fit into one
|
||||||
|
of the following categories:
|
||||||
|
|
||||||
|
<itemize>
|
||||||
|
<item>The database management system is MySQL <bf>< 5.0</bf> where
|
||||||
|
<tt>information_schema</tt> is not available.
|
||||||
|
<item>The database management system is Microsoft Access where there TODO.
|
||||||
|
<item>The session user does not have read privileges against the system
|
||||||
|
table storing the scheme of the databases.
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If any of the first two cases apply and you provided the
|
||||||
|
<tt>-</tt>-<tt>tables</tt> switch, sqlmap will prompt you with a question
|
||||||
|
to fall back to this technique.
|
||||||
|
Either of these cases apply to your situation, sqlmap can possibly still
|
||||||
|
identify some existing tables if you provide it with the
|
||||||
|
<tt>-</tt><tt>-common-tables</tt> switch. sqlmap will perform a
|
||||||
|
brute-force attack in order to detect the existence of common tables
|
||||||
|
across the DBMS.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The list of common table names is <tt>txt/common-tables.txt</tt> and you
|
||||||
|
can edit it as you wish.
|
||||||
|
|
||||||
|
|
||||||
<sect2>Brute force columns names
|
<sect2>Brute force columns names
|
||||||
|
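Review bot: the sentence starting "Either of these cases apply to your situation, sqlmap can possibly still identify" in the `--common-tables` paragraph has no conditional and follows "to fall back to this technique." without a break, so it is unclear which cases trigger the prompt and which require passing `--common-tables` by hand. The third list item (no read privileges) is not covered by "the first two cases" at all. Split the text into one sentence for the prompted fallback and one for explicit use of the switch, and say what happens in the third case.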
@ -2340,7 +2383,31 @@ TODO
|
||||||
Switches: <tt>-</tt><tt>-common-columns</tt>
|
Switches: <tt>-</tt><tt>-common-columns</tt>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
TODO
|
As per tables, there are cases where <tt>-</tt>-<tt>columns</tt> switch
|
||||||
|
can not be used to retrieve the databases' tables' column names. These
|
||||||
|
cases usually fit into one of the following categories:
|
||||||
|
|
||||||
|
<itemize>
|
||||||
|
<item>The database management system is MySQL <bf>< 5.0</bf> where
|
||||||
|
<tt>information_schema</tt> is not available.
|
||||||
|
<item>The database management system is Microsoft Access where there TODO.
|
||||||
|
<item>The session user does not have read privileges against the system
|
||||||
|
table storing the scheme of the databases.
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If any of the first two cases apply and you provided the
|
||||||
|
<tt>-</tt>-<tt>columns</tt> switch, sqlmap will prompt you with a question
|
||||||
|
to fall back to this technique.
|
||||||
|
Either of these cases apply to your situation, sqlmap can possibly still
|
||||||
|
identify some existing tables if you provide it with the
|
||||||
|
<tt>-</tt><tt>-common-columns</tt> switch. sqlmap will perform a
|
||||||
|
brute-force attack in order to detect the existence of common columns
|
||||||
|
across the DBMS.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The list of common table names is <tt>txt/common-columns.txt</tt> and you
|
||||||
|
can edit it as you wish.
|
||||||
|
|
||||||
|
|
||||||
<sect1>User-defined function injection
|
<sect1>User-defined function injection
|
||||||
|
|
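Review bot: the added `--common-columns` text still carries wording copied from the tables section: "identify some existing tables if you provide it with the `--common-columns` switch" and "The list of common table names is `<tt>txt/common-columns.txt</tt>`". Both should refer to columns.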