mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
229 lines
11 KiB
HTML
229 lines
11 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
|
|
<TITLE>sqlmap - Frequently Asked Questions</TITLE>
|
|
</HEAD>
|
|
<BODY>
|
|
<H1>sqlmap - Frequently Asked Questions</H1>
|
|
|
|
<H2>by
|
|
<A HREF="mailto:bernardo@sqlmap.org">Bernardo Damele A. G.</A>,
|
|
<A HREF="mailto:miroslav@sqlmap.org">Miroslav Stampar</A></H2>
|
|
<HR>
|
|
<EM>This document contains frequently asked questions for
|
|
<A HREF="http://www.sqlmap.org">sqlmap</A>.</EM>
|
|
<HR>
|
|
<P>
|
|
<H2><A NAME="toc1">1.</A> <A HREF="FAQ.html#s1">Frequently Asked Questions</A></H2>
|
|
|
|
<UL>
|
|
<LI><A NAME="toc1.1">1.1</A> <A HREF="FAQ.html#ss1.1">What is sqlmap?</A>
|
|
<LI><A NAME="toc1.2">1.2</A> <A HREF="FAQ.html#ss1.2">How do I execute sqlmap?</A>
|
|
<LI><A NAME="toc1.3">1.3</A> <A HREF="FAQ.html#ss1.3">Can I integrate sqlmap with a security tool I am developing?</A>
|
|
<LI><A NAME="toc1.4">1.4</A> <A HREF="FAQ.html#ss1.4">Will you support other database management systems?</A>
|
|
<LI><A NAME="toc1.5">1.5</A> <A HREF="FAQ.html#ss1.5">How can I occasionally contribute?</A>
|
|
<LI><A NAME="toc1.6">1.6</A> <A HREF="FAQ.html#ss1.6">Can I actively contribute in the long-term development?</A>
|
|
<LI><A NAME="toc1.7">1.7</A> <A HREF="FAQ.html#ss1.7">How can I support the development?</A>
|
|
<LI><A NAME="toc1.8">1.8</A> <A HREF="FAQ.html#ss1.8">Can you hack a site for me?</A>
|
|
<LI><A NAME="toc1.9">1.9</A> <A HREF="FAQ.html#ss1.9">When sqlmap will switch to the Python 3?</A>
|
|
<LI><A NAME="toc1.10">1.10</A> <A HREF="FAQ.html#ss1.10">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
|
|
<LI><A NAME="toc1.11">1.11</A> <A HREF="FAQ.html#ss1.11">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
|
|
<LI><A NAME="toc1.12">1.12</A> <A HREF="FAQ.html#ss1.12">Why is sqlmap not able to get password hashes in some cases?</A>
|
|
<LI><A NAME="toc1.13">1.13</A> <A HREF="FAQ.html#ss1.13">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
|
|
<LI><A NAME="toc1.14">1.14</A> <A HREF="FAQ.html#ss1.14">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
|
|
<LI><A NAME="toc1.15">1.15</A> <A HREF="FAQ.html#ss1.15">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
|
|
<LI><A NAME="toc1.16">1.16</A> <A HREF="FAQ.html#ss1.16">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
|
|
<LI><A NAME="toc1.17">1.17</A> <A HREF="FAQ.html#ss1.17">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
|
|
</UL>
|
|
|
|
<HR>
|
|
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Frequently Asked Questions</A></H2>
|
|
|
|
<H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">What is sqlmap?</A>
|
|
</H2>
|
|
|
|
<P>sqlmap is an open source penetration testing tool that automates the
|
|
process of detecting and exploiting SQL injection flaws and taking over
|
|
of database servers. It comes with a powerful detection engine, many niche
|
|
features for the ultimate penetration tester and a broad range of switches
|
|
lasting from database fingerprinting, over data fetching from the
|
|
database, to accessing the underlying file system and executing commands
|
|
on the operating system via out-of-band connections.</P>
|
|
|
|
<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">How do I execute sqlmap?</A>
|
|
</H2>
|
|
|
|
<P>If you are running on a Unix/Linux system type the following command
|
|
from a terminal:
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
python sqlmap.py -h
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
</P>
|
|
|
|
<P>If you are running on a Windows system type the following command
|
|
from a terminal:
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
C:\Python26\python.exe sqlmap.py -h
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
</P>
|
|
|
|
<P>Where <CODE>C:\Python26</CODE> is the path where you installed
|
|
<A HREF="http://www.python.org">Python</A> <B>>= 2.6</B>.</P>
|
|
|
|
<H2><A NAME="ss1.3">1.3</A> <A HREF="#toc1.3">Can I integrate sqlmap with a security tool I am developing?</A>
|
|
</H2>
|
|
|
|
<P>Yes. sqlmap is released under the terms of the GPLv2, which means that any
|
|
derivative work must be distributed without further restrictions on the
|
|
rights granted by the GPL itself.</P>
|
|
|
|
<H2><A NAME="ss1.4">1.4</A> <A HREF="#toc1.4">Will you support other database management systems?</A>
|
|
</H2>
|
|
|
|
<P>Yes. There are plans to support also Informix and Ingres at some
|
|
point of time.</P>
|
|
|
|
<H2><A NAME="ss1.5">1.5</A> <A HREF="#toc1.5">How can I occasionally contribute?</A>
|
|
</H2>
|
|
|
|
<P>All help is greatly appreciated. First of all download the tool, make sure
|
|
you are running the latest development version from the Subversion
|
|
repository, read the user's manual carefully, have fun with it during your
|
|
penetration tests.
|
|
If you find bugs or have ideas for possible improvements, feel free to
|
|
<A HREF="http://www.sqlmap.org/#ml">get in touch on the mailing list</A>. Many people have
|
|
<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS">contributed</A> in different ways to the sqlmap development.
|
|
<B>You</B> can be the next!</P>
|
|
|
|
<H2><A NAME="ss1.6">1.6</A> <A HREF="#toc1.6">Can I actively contribute in the long-term development?</A>
|
|
</H2>
|
|
|
|
<P>Yes, we are looking for people who can write some clean Python code, are
|
|
up to do security research, know about web application security, database
|
|
assessment and takeover, software refactoring and are motivated to join
|
|
the development team.
|
|
If this sounds interesting to you,
|
|
<A HREF="http://www.sqlmap.org/#developers">get in touch</A>!</P>
|
|
|
|
<H2><A NAME="ss1.7">1.7</A> <A HREF="#toc1.7">How can I support the development?</A>
|
|
</H2>
|
|
|
|
<P>If you think that sqlmap is a great tool, it really played well during
|
|
your penetration tests, or you simply like it, you, or your boss, can
|
|
<A HREF="http://www.sqlmap.org/#donate">donate some money</A> to the developers via PayPal.</P>
|
|
|
|
<H2><A NAME="ss1.8">1.8</A> <A HREF="#toc1.8">Can you hack a site for me?</A>
|
|
</H2>
|
|
|
|
<P><B>No</B>.</P>
|
|
|
|
<H2><A NAME="ss1.9">1.9</A> <A HREF="#toc1.9">When sqlmap will switch to the Python 3?</A>
|
|
</H2>
|
|
|
|
<P>Currently there is no pressure on Python projects to switch to the new
|
|
version of Python interpreter, as the process of switching, especially on
|
|
larger projects can be cumbersome (due to the few backward incompatibilities).
|
|
The switch will take place eventually, but currently it's a very low priority task.</P>
|
|
|
|
<H2><A NAME="ss1.10">1.10</A> <A HREF="#toc1.10">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
|
|
</H2>
|
|
|
|
<P>sqlmap needs to properly decode page content to be able to properly
|
|
detect and deal with internationalized characters. In some cases web developers
|
|
are doing mistakes when declaring used web page charset (e.g. <CODE>iso_8859</CODE> instead
|
|
of standardized name <CODE>iso-8859</CODE>), which can cause problems. As a failsafe mechanism
|
|
we've incorporated heuristic detection engine
|
|
<A HREF="http://chardet.feedparser.org/">chardet</A>,
|
|
so in most cases sqlmap will deal with this kind of problems automatically.
|
|
Nevertheless, you are strongly advised to report us back those typographic "mistakes"
|
|
so we could handle them manually inside the code.</P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/737">#1</A>
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1232">#2</A>
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1239">#3</A></P>
|
|
|
|
<H2><A NAME="ss1.11">1.11</A> <A HREF="#toc1.11">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
|
|
</H2>
|
|
|
|
<P>Just put * to the place where sqlmap should check for injections in URI
|
|
itself. In example: <CODE>./sqlmap.py -u "www.site.com/id1/1*/id2/2"</CODE> sqlmap
|
|
will try to inject the payloads just at that place marked with * character.</P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/731">#1</A>
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/728">#2</A>
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1258">#3</A></P>
|
|
|
|
<H2><A NAME="ss1.12">1.12</A> <A HREF="#toc1.12">Why is sqlmap not able to get password hashes in some cases?</A>
|
|
</H2>
|
|
|
|
<P>You most probably don't have enough permissions for querying on a system
|
|
table containing password hashes.</P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/714">#1</A></P>
|
|
|
|
<H2><A NAME="ss1.13">1.13</A> <A HREF="#toc1.13">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
|
|
</H2>
|
|
|
|
<P>Switch <CODE>-</CODE><CODE>-text-only</CODE> is used for removing non-textual data (tags,
|
|
javascripts, styles,...) from the retrieved page content to further
|
|
improve detection capabilities.</P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/699">#1</A></P>
|
|
|
|
<H2><A NAME="ss1.14">1.14</A> <A HREF="#toc1.14">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
|
|
</H2>
|
|
|
|
<P>There are few IDSes that filter out all sqlmap requests based on default
|
|
User-Agent HTTP header used (e.g. <CODE>"User-agent: sqlmap/1.0-dev"</CODE>). To prevent this
|
|
kind of situations you are advised to use switch <CODE>-</CODE><CODE>-random-agent</CODE>.
|
|
If you are getting those kind of messages for all targets then you
|
|
most probably need to properly set up your proxy settings (switches <CODE>-</CODE><CODE>-proxy</CODE>
|
|
and/or <CODE>-</CODE><CODE>-ignore-proxy</CODE>)</P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1241">#1</A></P>
|
|
|
|
<H2><A NAME="ss1.15">1.15</A> <A HREF="#toc1.15">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
|
|
and/or <CODE>-</CODE><CODE>-sql-shell</CODE>?</H2>
|
|
|
|
<P>It is possible to use those commands, but only if the stacked injection is supported
|
|
by the vulnerable target. In vast majority of cases affected DBMSes by these kind of
|
|
attacks are Microsoft SQL Server and PostgreSQL.</P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1237">#1</A></P>
|
|
|
|
<H2><A NAME="ss1.16">1.16</A> <A HREF="#toc1.16">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
|
|
</H2>
|
|
|
|
<P>You are most probably using outdated version of Python. sqlmap is generally
|
|
supported by Python versions in range 2.5, 2.6 and 2.7, while you are strongly
|
|
advised to use versions 2.6 and 2.7.</P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1231">#1</A></P>
|
|
|
|
<H2><A NAME="ss1.17">1.17</A> <A HREF="#toc1.17">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
|
|
</H2>
|
|
|
|
<P>In most of those kind of cases blatant error message detection is used by commercial
|
|
tools making some "false positive" claims. You have to be aware that
|
|
DBMS error message doesn't mean that the affected web application is vulnerable to
|
|
SQL injection attacks. sqlmap goes several steps further and never claims
|
|
an injection point without making through tests if it can be exploited at the first place. </P>
|
|
|
|
<P>Question(s):
|
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/970">#1</A></P>
|
|
|
|
</BODY>
|
|
</HTML>
|