mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
more doc updates
This commit is contained in:
parent
723a7447b2
commit
fe16360acb
|
@ -43,11 +43,12 @@ sqlmap (0.9-1) stable; urgency=low
|
|||
* Added --text-only switch to strip from the HTTP response body the
|
||||
HTML/JS code and compare pages based only on their textual content
|
||||
(Miroslav).
|
||||
* Implemented few other features and switches (Bernardo and Miroslav).
|
||||
* Over 100 bugs fixed (Bernardo and Miroslav).
|
||||
* Major code refactoring (Bernardo and Miroslav).
|
||||
* User's manual updated (Bernardo).
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Day, DD MMM 2010 10:00:00 +0000
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Sun, 10 Apr 2011 21:00:00 +0000
|
||||
|
||||
sqlmap (0.8-1) stable; urgency=low
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
<H2>by
|
||||
<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>,
|
||||
<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 0.9, April XX, 2011
|
||||
<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 0.9, April 10, 2011
|
||||
<HR>
|
||||
<EM>This document is the user's manual to use
|
||||
<A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM>
|
||||
|
@ -561,7 +561,7 @@ the
|
|||
|
||||
<P>
|
||||
<UL>
|
||||
<LI><B>April XX</B>,
|
||||
<LI><B>April 10</B>,
|
||||
<A HREF="http://sqlmap.sourceforge.net/#developers">Bernardo and Miroslav</A> release sqlmap
|
||||
<B>0.9</B> featuring a totally rewritten and powerful SQL injection
|
||||
detection engine, the possibility to connect directly to a database
|
||||
|
@ -1444,23 +1444,49 @@ it.</P>
|
|||
|
||||
<P>Switch: <CODE>-</CODE><CODE>-predict-output</CODE></P>
|
||||
|
||||
<P>TODO</P>
|
||||
<P>This switch is used in inference algorithm for sequential statistical
|
||||
prediction of characters of value being retrieved. Based on items given in
|
||||
<CODE>txt/common-outputs.txt</CODE> together with the knowledge of current
|
||||
enumeration used statistical table with the most promising values is being
|
||||
built. In case that the value can be found among the common output values,
|
||||
as the process progresses, subsequent character tables are being narrowed
|
||||
more and more. If used in combination with retrieval of common DBMS
|
||||
entities, as with system table names and privileges, speed up is
|
||||
significant. Of course, you can edit the common outputs file according to
|
||||
your needs if, for instance, you notice common patterns in database table
|
||||
names or similar.</P>
|
||||
|
||||
<P>Note that this switch is not compatible with <CODE>-</CODE><CODE>-threads</CODE>
|
||||
switch.</P>
|
||||
|
||||
|
||||
<H3>HTTP Keep-Alive</H3>
|
||||
|
||||
<P>Switch: <CODE>-</CODE><CODE>-keep-alive</CODE></P>
|
||||
|
||||
<P>This switch instructs sqlmap to use persistent HTTP(s) connections.
|
||||
Note that this switch is incompatible with <CODE>-</CODE><CODE>-proxy</CODE> switch.</P>
|
||||
<P>This switch instructs sqlmap to use persistent HTTP(s) connections.</P>
|
||||
|
||||
<P>Note that this switch is incompatible with <CODE>-</CODE><CODE>-proxy</CODE>
|
||||
switch.</P>
|
||||
|
||||
|
||||
<H3>HTTP NULL connection</H3>
|
||||
|
||||
<P>Switch: <CODE>-</CODE><CODE>-null-connection</CODE></P>
|
||||
|
||||
<P>TODO
|
||||
Note that this switch is incompatible with <CODE>-</CODE><CODE>-text-only</CODE>
|
||||
<P>There are special HTTP request types which can be used to retrieve
|
||||
HTTP response's size without getting the HTTP body. This knowledge can be
|
||||
used in blind injection technique to distinguish <CODE>True</CODE> from
|
||||
<CODE>False</CODE> responses. When this switch is provided, sqlmap will try to
|
||||
test and exploit two different <EM>NULL connection</EM> techniques:
|
||||
<CODE>Range</CODE> and <CODE>HEAD</CODE>.
|
||||
If any of these is supported by the target web server, speed up will come
|
||||
from the obvious saving of used bandwidth.</P>
|
||||
|
||||
<P>These techniques are detailed in the white paper
|
||||
<A HREF="http://www.wisec.it/sectou.php?id=472f952d79293">Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)</A>.</P>
|
||||
|
||||
<P>Note that this switch is incompatible with <CODE>-</CODE><CODE>-text-only</CODE>
|
||||
switch.</P>
|
||||
|
||||
|
||||
|
@ -1485,6 +1511,9 @@ the bisection algorithm implemented in sqlmap.</P>
|
|||
injection technique. The maximum number of concurrent requests is set to
|
||||
<B>10</B> for performance and site reliability reasons.</P>
|
||||
|
||||
<P>Note that this switch is not compatible with
|
||||
<CODE>-</CODE><CODE>-predict-output</CODE> switch.</P>
|
||||
|
||||
|
||||
<H2><A NAME="ss5.5">5.5</A> <A HREF="#toc5.5">Injection</A>
|
||||
</H2>
|
||||
|
@ -1787,7 +1816,10 @@ injected) page content with the injected wrong page content.
|
|||
This way the distinction will be based upon string presence or regular
|
||||
expression match.</P>
|
||||
|
||||
<P>TODO: --text-only</P>
|
||||
<P>In cases with lot of active (e.g. scripts, embeds, etc.) content in the
|
||||
HTTP responses' body, you can filter pages (<CODE>-</CODE><CODE>-text-only</CODE>
|
||||
switch) just for their textual content. This way, in a good number of
|
||||
cases, you can automatically tune the detection engine.</P>
|
||||
|
||||
|
||||
<H2><A NAME="ss5.7">5.7</A> <A HREF="#toc5.7">Techniques</A>
|
||||
|
@ -2313,7 +2345,8 @@ of the following categories:</P>
|
|||
<UL>
|
||||
<LI>The database management system is MySQL <B>< 5.0</B> where
|
||||
<CODE>information_schema</CODE> is not available.</LI>
|
||||
<LI>The database management system is Microsoft Access where there TODO.</LI>
|
||||
<LI>The database management system is Microsoft Access and system table
|
||||
<CODE>MSysObjects</CODE> is not readable - default setting.</LI>
|
||||
<LI>The session user does not have read privileges against the system
|
||||
table storing the scheme of the databases.</LI>
|
||||
</UL>
|
||||
|
@ -2343,7 +2376,8 @@ cases usually fit into one of the following categories:</P>
|
|||
<UL>
|
||||
<LI>The database management system is MySQL <B>< 5.0</B> where
|
||||
<CODE>information_schema</CODE> is not available.</LI>
|
||||
<LI>The database management system is Microsoft Access where there TODO.</LI>
|
||||
<LI>The database management system is Microsoft Access where this
|
||||
kind of information is not available inside system tables.</LI>
|
||||
<LI>The session user does not have read privileges against the system
|
||||
table storing the scheme of the databases.</LI>
|
||||
</UL>
|
||||
|
@ -2800,7 +2834,7 @@ $ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int_bool.php?id=
|
|||
<BLOCKQUOTE><CODE>
|
||||
<PRE>
|
||||
100% [===================================================] 64/64
|
||||
[10:28:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
|
||||
[hh:mm:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
|
||||
|
||||
web application technology: PHP 5.2.6, Apache 2.2.9
|
||||
back-end DBMS: Oracle
|
||||
|
|
BIN
doc/README.pdf
BIN
doc/README.pdf
Binary file not shown.
|
@ -4,7 +4,7 @@
|
|||
|
||||
<title>sqlmap user's manual
|
||||
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
|
||||
<date>version 0.9, April XX, 2011
|
||||
<date>version 0.9, April 10, 2011
|
||||
<abstract>
|
||||
This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
|
||||
</abstract>
|
||||
|
@ -487,7 +487,7 @@ name="MS10-015">).
|
|||
|
||||
<p>
|
||||
<itemize>
|
||||
<item><bf>April XX</bf>, <htmlurl name="Bernardo and Miroslav"
|
||||
<item><bf>April 10</bf>, <htmlurl name="Bernardo and Miroslav"
|
||||
url="http://sqlmap.sourceforge.net/#developers"> release sqlmap
|
||||
<bf>0.9</bf> featuring a totally rewritten and powerful SQL injection
|
||||
detection engine, the possibility to connect directly to a database
|
||||
|
@ -1402,7 +1402,21 @@ Read below for details about each switch.
|
|||
Switch: <tt>-</tt><tt>-predict-output</tt>
|
||||
|
||||
<p>
|
||||
TODO
|
||||
This switch is used in inference algorithm for sequential statistical
|
||||
prediction of characters of value being retrieved. Based on items given in
|
||||
<tt>txt/common-outputs.txt</tt> together with the knowledge of current
|
||||
enumeration used statistical table with the most promising values is being
|
||||
built. In case that the value can be found among the common output values,
|
||||
as the process progresses, subsequent character tables are being narrowed
|
||||
more and more. If used in combination with retrieval of common DBMS
|
||||
entities, as with system table names and privileges, speed up is
|
||||
significant. Of course, you can edit the common outputs file according to
|
||||
your needs if, for instance, you notice common patterns in database table
|
||||
names or similar.
|
||||
|
||||
<p>
|
||||
Note that this switch is not compatible with <tt>-</tt><tt>-threads</tt>
|
||||
switch.
|
||||
|
||||
|
||||
<sect2>HTTP Keep-Alive
|
||||
|
@ -1412,6 +1426,8 @@ Switch: <tt>-</tt><tt>-keep-alive</tt>
|
|||
|
||||
<p>
|
||||
This switch instructs sqlmap to use persistent HTTP(s) connections.
|
||||
|
||||
<p>
|
||||
Note that this switch is incompatible with <tt>-</tt><tt>-proxy</tt>
|
||||
switch.
|
||||
|
||||
|
@ -1422,7 +1438,21 @@ switch.
|
|||
Switch: <tt>-</tt><tt>-null-connection</tt>
|
||||
|
||||
<p>
|
||||
TODO
|
||||
There are special HTTP request types which can be used to retrieve
|
||||
HTTP response's size without getting the HTTP body. This knowledge can be
|
||||
used in blind injection technique to distinguish <tt>True</tt> from
|
||||
<tt>False</tt> responses. When this switch is provided, sqlmap will try to
|
||||
test and exploit two different <em>NULL connection</em> techniques:
|
||||
<tt>Range</tt> and <tt>HEAD</tt>.
|
||||
If any of these is supported by the target web server, speed up will come
|
||||
from the obvious saving of used bandwidth.
|
||||
|
||||
<p>
|
||||
These techniques are detailed in the white paper
|
||||
<htmlurl url="http://www.wisec.it/sectou.php?id=472f952d79293"
|
||||
name="Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)">.
|
||||
|
||||
<p>
|
||||
Note that this switch is incompatible with <tt>-</tt><tt>-text-only</tt>
|
||||
switch.
|
||||
|
||||
|
@ -1448,9 +1478,12 @@ when that character is retrieved - it takes up to 7 HTTP(S) requests with
|
|||
the bisection algorithm implemented in sqlmap.
|
||||
|
||||
<p>
|
||||
Note that the multi-threading switch does not affect any other SQL
|
||||
injection technique. The maximum number of concurrent requests is set to
|
||||
<bf>10</bf> for performance and site reliability reasons.
|
||||
The maximum number of concurrent requests is set to <bf>10</bf> for
|
||||
performance and site reliability reasons.
|
||||
|
||||
<p>
|
||||
Note that this switch is not compatible with
|
||||
<tt>-</tt><tt>-predict-output</tt> switch.
|
||||
|
||||
|
||||
<sect1>Injection
|
||||
|
@ -2904,7 +2937,7 @@ Then:
|
|||
|
||||
<tscreen><verb>
|
||||
100% [===================================================] 64/64
|
||||
[10:28:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
|
||||
[hh:mm:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
|
||||
|
||||
web application technology: PHP 5.2.6, Apache 2.2.9
|
||||
back-end DBMS: Oracle
|
||||
|
|
Loading…
Reference in New Issue
Block a user