mirror of https://github.com/sqlmapproject/sqlmap.git, synced 2025-10-22 19:54:55 +03:00
229 lines, 11 KiB, HTML
		
	
	
	
	
	
			
		
		
	
	
		
	
	
	
	
	
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
 | |
| <HTML>
 | |
| <HEAD>
 | |
|  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
 | |
|  <TITLE>sqlmap - Frequently Asked Questions</TITLE>
 | |
| </HEAD>
 | |
| <BODY>
 | |
| <H1>sqlmap - Frequently Asked Questions</H1>
 | |
| 
 | |
| <H2>by 
 | |
| <A HREF="mailto:bernardo@sqlmap.org">Bernardo Damele A. G.</A>,
 | |
| <A HREF="mailto:miroslav@sqlmap.org">Miroslav Stampar</A></H2>
 | |
| <HR>
 | |
| <EM>This document contains frequently asked questions for 
 | |
| <A HREF="http://www.sqlmap.org">sqlmap</A>.</EM>
 | |
| <HR>
 | |
| <P>
 | |
| <H2><A NAME="toc1">1.</A> <A HREF="FAQ.html#s1">Frequently Asked Questions</A></H2>
 | |
| 
 | |
| <UL>
 | |
| <LI><A NAME="toc1.1">1.1</A> <A HREF="FAQ.html#ss1.1">What is sqlmap?</A>
 | |
| <LI><A NAME="toc1.2">1.2</A> <A HREF="FAQ.html#ss1.2">How do I execute sqlmap?</A>
 | |
| <LI><A NAME="toc1.3">1.3</A> <A HREF="FAQ.html#ss1.3">Can I integrate sqlmap with a security tool I am developing?</A>
 | |
| <LI><A NAME="toc1.4">1.4</A> <A HREF="FAQ.html#ss1.4">Will you support other database management systems?</A>
 | |
| <LI><A NAME="toc1.5">1.5</A> <A HREF="FAQ.html#ss1.5">How can I occasionally contribute?</A>
 | |
| <LI><A NAME="toc1.6">1.6</A> <A HREF="FAQ.html#ss1.6">Can I actively contribute in the long-term development?</A>
 | |
| <LI><A NAME="toc1.7">1.7</A> <A HREF="FAQ.html#ss1.7">How can I support the development?</A>
 | |
| <LI><A NAME="toc1.8">1.8</A> <A HREF="FAQ.html#ss1.8">Can you hack a site for me?</A>
 | |
| <LI><A NAME="toc1.9">1.9</A> <A HREF="FAQ.html#ss1.9">When will sqlmap switch to Python 3?</A>
 | |
| <LI><A NAME="toc1.10">1.10</A> <A HREF="FAQ.html#ss1.10">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
 | |
| <LI><A NAME="toc1.11">1.11</A> <A HREF="FAQ.html#ss1.11">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
 | |
| <LI><A NAME="toc1.12">1.12</A> <A HREF="FAQ.html#ss1.12">Why is sqlmap not able to get password hashes in some cases?</A>
 | |
| <LI><A NAME="toc1.13">1.13</A> <A HREF="FAQ.html#ss1.13">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
 | |
| <LI><A NAME="toc1.14">1.14</A> <A HREF="FAQ.html#ss1.14">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
 | |
| <LI><A NAME="toc1.15">1.15</A> <A HREF="FAQ.html#ss1.15">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE> and/or <CODE>-</CODE><CODE>-sql-shell</CODE>?</A>
 | |
| <LI><A NAME="toc1.16">1.16</A> <A HREF="FAQ.html#ss1.16">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
 | |
| <LI><A NAME="toc1.17">1.17</A> <A HREF="FAQ.html#ss1.17">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
 | |
| </UL>
 | |
| 
 | |
| <HR>
 | |
| <H2><A NAME="s1">1.</A> <A HREF="#toc1">Frequently Asked Questions</A></H2>
 | |
| 
 | |
| <H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">What is sqlmap?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>sqlmap is an open source penetration testing tool that automates the
 | |
| process of detecting and exploiting SQL injection flaws and taking over
 | |
| database servers. It comes with a powerful detection engine, many niche
 | |
| features for the ultimate penetration tester and a broad range of switches
 | |
| spanning database fingerprinting, data fetching from the
 | |
| database, access to the underlying file system and command execution
 | |
| on the operating system via out-of-band connections.</P>
 | |
| 
 | |
| <H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">How do I execute sqlmap?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>If you are running on a Unix/Linux system, type the following command
 | |
| from a terminal:
 | |
| <BLOCKQUOTE><CODE>
 | |
| <PRE>
 | |
| python sqlmap.py -h
 | |
| </PRE>
 | |
| </CODE></BLOCKQUOTE>
 | |
| </P>
 | |
| 
 | |
| <P>If you are running on a Windows system, type the following command
 | |
| from a terminal:
 | |
| <BLOCKQUOTE><CODE>
 | |
| <PRE>
 | |
| C:\Python26\python.exe sqlmap.py -h
 | |
| </PRE>
 | |
| </CODE></BLOCKQUOTE>
 | |
| </P>
 | |
| 
 | |
| <P>Where <CODE>C:\Python26</CODE> is the path where you installed 
 | |
| <A HREF="http://www.python.org">Python</A> <B>&gt;= 2.6</B>.</P>
 | |
| 
 | |
| <H2><A NAME="ss1.3">1.3</A> <A HREF="#toc1.3">Can I integrate sqlmap with a security tool I am developing?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>Yes. sqlmap is released under the terms of the GPLv2, which means that any
 | |
| derivative work must be distributed without further restrictions on the
 | |
| rights granted by the GPL itself.</P>
 | |
| 
 | |
| <H2><A NAME="ss1.4">1.4</A> <A HREF="#toc1.4">Will you support other database management systems?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>Yes. There are plans to also support Informix and Ingres at some
 | |
| point.</P>
 | |
| 
 | |
| <H2><A NAME="ss1.5">1.5</A> <A HREF="#toc1.5">How can I occasionally contribute?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>All help is greatly appreciated. First of all, download the tool, make sure
 | |
| you are running the latest development version from the Subversion
 | |
| repository, read the user's manual carefully and have fun with it during your
 | |
| penetration tests.
 | |
| If you find bugs or have ideas for possible improvements, feel free to
 | |
| <A HREF="http://www.sqlmap.org/#ml">get in touch on the mailing list</A>. Many people have 
 | |
| <A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS">contributed</A> in different ways to the sqlmap development.
 | |
| <B>You</B> can be the next!</P>
 | |
| 
 | |
| <H2><A NAME="ss1.6">1.6</A> <A HREF="#toc1.6">Can I actively contribute in the long-term development?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>Yes, we are looking for people who can write clean Python code, are
 | |
| keen to do security research, know about web application security, database
 | |
| assessment and takeover, and software refactoring, and are motivated to join
 | |
| the development team.
 | |
| If this sounds interesting to you, 
 | |
| <A HREF="http://www.sqlmap.org/#developers">get in touch</A>!</P>
 | |
| 
 | |
| <H2><A NAME="ss1.7">1.7</A> <A HREF="#toc1.7">How can I support the development?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>If you think that sqlmap is a great tool, it performed well during
 | |
| your penetration tests, or you simply like it, you, or your boss, can
 | |
| <A HREF="http://www.sqlmap.org/#donate">donate some money</A> to the developers via PayPal.</P>
 | |
| 
 | |
| <H2><A NAME="ss1.8">1.8</A> <A HREF="#toc1.8">Can you hack a site for me?</A>
 | |
| </H2>
 | |
| 
 | |
| <P><B>No</B>.</P>
 | |
| 
 | |
| <H2><A NAME="ss1.9">1.9</A> <A HREF="#toc1.9">When will sqlmap switch to Python 3?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>Currently there is no pressure on Python projects to switch to the new
 | |
| version of the Python interpreter, as the process of switching, especially on
 | |
| larger projects, can be cumbersome (due to the few backward incompatibilities).
 | |
| The switch will take place eventually, but currently it's a very low priority task.</P>
 | |
| 
 | |
| <H2><A NAME="ss1.10">1.10</A> <A HREF="#toc1.10">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>sqlmap needs to decode page content properly to be able to
 | |
| detect and deal with internationalized characters. In some cases web developers
 | |
| make mistakes when declaring the web page charset (e.g. <CODE>iso_8859</CODE> instead 
 | |
| of the standardized name <CODE>iso-8859</CODE>), which can cause problems. As a failsafe mechanism
 | |
| we've incorporated the heuristic detection engine
 | |
| <A HREF="http://chardet.feedparser.org/">chardet</A>, 
 | |
| so in most cases sqlmap will deal with this kind of problem automatically.
 | |
| Nevertheless, you are strongly advised to report those typographic "mistakes" to us
 | |
| so we can handle them manually inside the code.</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/737">#1</A>
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1232">#2</A>
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1239">#3</A></P>
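The decoding fallback described in 1.10, as an added example (not sqlmap's own code): a declared charset is resolved by trying tolerant spellings, and an unrecognized name produces a warning before a heuristic guess takes over. The function names are hypothetical, the sample inputs are constructed, and a strict UTF-8 trial stands in for the chardet heuristic.

```python
import codecs
import re

def resolve_charset(declared):
    """Map a declared charset name to a codec Python knows, or None."""
    if not declared:
        return None
    name = declared.strip().strip("\"'").lower()
    # Spellings to try: as declared, separators unified to "-", separators dropped.
    candidates = (name, re.sub(r"[\s_]+", "-", name), re.sub(r"[\s_-]+", "", name))
    for candidate in candidates:
        try:
            return codecs.lookup(candidate).name
        except (LookupError, ValueError):
            continue
    return None

def guess_charset(body):
    """Stand-in for a chardet-style heuristic: strict UTF-8 trial, else Latin-1."""
    try:
        body.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "iso8859-1"

def decode_page(body, content_type):
    """Return (text, charset_used, warning) for a response body and its Content-Type."""
    match = re.search(r"charset\s*=\s*([^;\s]+)", content_type or "", re.I)
    declared = match.group(1) if match else None
    codec = resolve_charset(declared)
    warning = None
    if declared and codec is None:
        # The situation behind the FAQ's warning: a declared name nothing recognizes.
        warning = "unknown charset '%s'" % declared
    if codec is None:
        codec = guess_charset(body)
    return body.decode(codec, errors="replace"), codec, warning

if __name__ == "__main__":
    # Constructed samples: a misspelled but recoverable name, then an unknown one.
    print(decode_page("Привет".encode("cp1251"), "text/html; charset=cp-1251"))
    print(decode_page("naïve".encode("utf-8"), "text/html; charset=utf8x"))
```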
 | |
| 
 | |
| <H2><A NAME="ss1.11">1.11</A> <A HREF="#toc1.11">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>Just put * at the place in the URI itself where sqlmap should check for
 | |
| injections. For example, with <CODE>./sqlmap.py -u "www.site.com/id1/1*/id2/2"</CODE> sqlmap 
 | |
| will try to inject the payloads only at the place marked with the * character.</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/731">#1</A>
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/728">#2</A>
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1258">#3</A></P>
 | |
| 
 | |
| <H2><A NAME="ss1.12">1.12</A> <A HREF="#toc1.12">Why is sqlmap not able to get password hashes in some cases?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>You most probably don't have sufficient permissions to query the system 
 | |
| table containing password hashes.</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/714">#1</A></P>
 | |
| 
 | |
| <H2><A NAME="ss1.13">1.13</A> <A HREF="#toc1.13">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>The <CODE>-</CODE><CODE>-text-only</CODE> switch removes non-textual data (tags, 
 | |
| javascripts, styles, ...) from the retrieved page content to further 
 | |
| improve detection capabilities.</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/699">#1</A></P>
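Why stripping non-textual data helps, as an added example (not sqlmap's own code): two fetches of the same page that differ only in a script token and a style rule look different as raw HTML but identical once reduced to text. The pages are constructed samples, and comparing responses with a difflib similarity ratio is an assumption made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser

class TextOnly(HTMLParser):
    """Collect visible text, dropping tags and the bodies of scripts and styles."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        # Keep only text outside script/style, with whitespace collapsed.
        if not self.skip_depth and data.strip():
            self.parts.append(" ".join(data.split()))

def text_only(page):
    """Return the textual content of an HTML page as one string."""
    parser = TextOnly()
    parser.feed(page)
    parser.close()
    return " ".join(parser.parts)

def similarity(a, b):
    """Similarity ratio in [0, 1] between two strings."""
    return SequenceMatcher(None, a, b).ratio()

# Constructed samples: same content, different per-request script token and style.
PAGE_A = ('<html><head><style>.ad{color:#a1b2c3}</style>'
          '<script>var token="9f3c01";</script></head>'
          '<body><h1>Products</h1><p>3 items found</p></body></html>')
PAGE_B = ('<html><head><style>.ad{color:#0f0f0f;margin:4px}</style>'
          '<script>var token="77e2ab";</script></head>'
          '<body><h1>Products</h1><p>3 items found</p></body></html>')

if __name__ == "__main__":
    print("raw ratio :", round(similarity(PAGE_A, PAGE_B), 3))
    print("text ratio:", similarity(text_only(PAGE_A), text_only(PAGE_B)))
```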
 | |
| 
 | |
| <H2><A NAME="ss1.14">1.14</A> <A HREF="#toc1.14">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>There are a few IDSes that filter out all sqlmap requests based on the default 
 | |
| User-Agent HTTP header used (e.g. <CODE>"User-agent: sqlmap/1.0-dev"</CODE>). To prevent this
 | |
| kind of situation you are advised to use the switch <CODE>-</CODE><CODE>-random-agent</CODE>.
 | |
| If you are getting this kind of message for all targets then you
 | |
| most probably need to properly set up your proxy settings (switches <CODE>-</CODE><CODE>-proxy</CODE>
 | |
| and/or <CODE>-</CODE><CODE>-ignore-proxy</CODE>).</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1241">#1</A></P>
 | |
| 
 | |
| <H2><A NAME="ss1.15">1.15</A> <A HREF="#toc1.15">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
 | |
| and/or <CODE>-</CODE><CODE>-sql-shell</CODE>?</H2>
 | |
| 
 | |
| <P>It is possible to use those commands, but only if stacked injection is supported
 | |
| by the vulnerable target. In the vast majority of cases the DBMSes affected by this kind of
 | |
| attack are Microsoft SQL Server and PostgreSQL.</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1237">#1</A></P>
 | |
| 
 | |
| <H2><A NAME="ss1.16">1.16</A> <A HREF="#toc1.16">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>You are most probably using an outdated version of Python. sqlmap generally
 | |
| runs on Python versions 2.5, 2.6 and 2.7, but you are strongly
 | |
| advised to use versions 2.6 and 2.7.</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1231">#1</A></P>
 | |
| 
 | |
| <H2><A NAME="ss1.17">1.17</A> <A HREF="#toc1.17">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
 | |
| </H2>
 | |
| 
 | |
| <P>In most cases of this kind, commercial tools rely on blatant error message detection,
 | |
| which leads to some "false positive" claims. You have to be aware that a
 | |
| DBMS error message doesn't mean that the affected web application is vulnerable to
 | |
| SQL injection attacks. sqlmap goes several steps further and never claims
 | |
| an injection point without first making thorough tests of whether it can be exploited.</P>
 | |
| 
 | |
| <P>Question(s):
 | |
| <A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/970">#1</A></P>
 | |
| 
 | |
| </BODY>
 | |
| </HTML>
 |