mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
211 lines
7.6 KiB
Plaintext
211 lines
7.6 KiB
Plaintext
<!doctype linuxdoc system>
|
|
|
|
<article>
|
|
|
|
<title>sqlmap - Frequently Asked Questions
|
|
<author>by <htmlurl url="mailto:bernardo@sqlmap.org" name="Bernardo Damele A. G.">,
|
|
<htmlurl url="mailto:miroslav@sqlmap.org" name="Miroslav Stampar">
|
|
<abstract>
|
|
This document contains frequently asked questions for <htmlurl
|
|
url="http://www.sqlmap.org" name="sqlmap">.
|
|
</abstract>
|
|
|
|
<toc>
|
|
|
|
<sect>Frequently Asked Questions
|
|
|
|
<sect1>What is sqlmap?
|
|
|
|
<p>
|
|
sqlmap is an open source penetration testing tool that automates the
|
|
process of detecting and exploiting SQL injection flaws and taking over
|
|
of database servers. It comes with a powerful detection engine, many niche
|
|
features for the ultimate penetration tester and a broad range of switches
|
|
lasting from database fingerprinting, over data fetching from the
|
|
database, to accessing the underlying file system and executing commands
|
|
on the operating system via out-of-band connections.
|
|
|
|
<sect1>How do I execute sqlmap?
|
|
|
|
<p>
|
|
If you are running on a Unix/Linux system type the following command
|
|
from a terminal:
|
|
<tscreen><verb>
|
|
python sqlmap.py -h
|
|
</verb></tscreen>
|
|
|
|
<p>
|
|
If you are running on a Windows system type the following command
|
|
from a terminal:
|
|
<tscreen><verb>
|
|
C:\Python26\python.exe sqlmap.py -h
|
|
</verb></tscreen>
|
|
|
|
<p>
|
|
Where <tt>C:\Python26</tt> is the path where you installed <htmlurl
|
|
url="http://www.python.org" name="Python"> <bf>>= 2.6</bf>.
|
|
|
|
<sect1>Can I integrate sqlmap with a security tool I am developing?
|
|
|
|
<p>
|
|
Yes. sqlmap is released under the terms of the GPLv2, which means that any
|
|
derivative work must be distributed without further restrictions on the
|
|
rights granted by the GPL itself.
|
|
|
|
<sect1>Will you support other database management systems?
|
|
|
|
<p>
|
|
Yes. There are plans to support also Informix and Ingres at some
|
|
point of time.
|
|
|
|
<sect1>How can I occasionally contribute?
|
|
|
|
<p>
|
|
All help is greatly appreciated. First of all download the tool, make sure
|
|
you are running the latest development version from the Subversion
|
|
repository, read the user's manual carefully, have fun with it during your
|
|
penetration tests.
|
|
If you find bugs or have ideas for possible improvements, feel free to
|
|
<htmlurl url="http://www.sqlmap.org/#ml" name="get in touch on the
|
|
mailing list">. Many people have <htmlurl
|
|
url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS"
|
|
name="contributed"> in different ways to the sqlmap development.
|
|
<bf>You</bf> can be the next!
|
|
|
|
<sect1>Can I actively contribute in the long-term development?
|
|
|
|
<p>
|
|
Yes, we are looking for people who can write some clean Python code, are
|
|
up to do security research, know about web application security, database
|
|
assessment and takeover, software refactoring and are motivated to join
|
|
the development team.
|
|
If this sounds interesting to you, <htmlurl
|
|
url="http://www.sqlmap.org/#developers" name="get in touch">!
|
|
|
|
<sect1>How can I support the development?
|
|
|
|
<p>
|
|
If you think that sqlmap is a great tool, it really played well during
|
|
your penetration tests, or you simply like it, you, or your boss, can
|
|
<htmlurl url="http://www.sqlmap.org/#donate" name="donate
|
|
some money"> to the developers via PayPal.
|
|
|
|
<sect1>Can you hack a site for me?
|
|
|
|
<p>
|
|
<bf>No</bf>.
|
|
|
|
<sect1>When sqlmap will switch to the Python 3?
|
|
|
|
<p>
|
|
Currently there is no pressure on Python projects to switch to the new
|
|
version of Python interpreter, as the process of switching, especially on
|
|
larger projects can be cumbersome (due to the few backward incompatibilities).
|
|
The switch will take place eventually, but currently it's a very low priority task.
|
|
|
|
<sect1>What does <tt>"WARNING unknown charset '...'"</tt> mean?
|
|
|
|
<p>
|
|
sqlmap needs to properly decode page content to be able to properly
|
|
detect and deal with internationalized characters. In some cases web developers
|
|
are doing mistakes when declaring used web page charset (e.g. <tt>iso_8859</tt> instead
|
|
of standardized name <tt>iso-8859</tt>), which can cause problems. As a failsafe mechanism
|
|
we've incorporated heuristic detection engine
|
|
<htmlurl url="http://chardet.feedparser.org/" name="chardet">,
|
|
so in most cases sqlmap will deal with this kind of problems automatically.
|
|
Nevertheless, you are strongly advised to report us back those typographic "mistakes"
|
|
so we could handle them manually inside the code.
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/737" name="#1">
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1232" name="#2">
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1239" name="#3">
|
|
|
|
<sect1>How to use sqlmap with <tt>mod_rewrite</tt> enabled?
|
|
|
|
<p>
|
|
Just put * to the place where sqlmap should check for injections in URI
|
|
itself. In example: <tt>./sqlmap.py -u "www.site.com/id1/1*/id2/2"</tt> sqlmap
|
|
will try to inject the payloads just at that place marked with * character.
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/731" name="#1">
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/728" name="#2">
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1258" name="#3">
|
|
|
|
<sect1>Why is sqlmap not able to get password hashes in some cases?
|
|
|
|
<p>
|
|
You most probably don't have enough permissions for querying on a system
|
|
table containing password hashes.
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/714" name="#1">
|
|
|
|
<sect1>What is <tt>-</tt><tt>-text-only</tt> switch?
|
|
|
|
<p>
|
|
Switch <tt>-</tt><tt>-text-only</tt> is used for removing non-textual data (tags,
|
|
javascripts, styles,...) from the retrieved page content to further
|
|
improve detection capabilities.
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/699" name="#1">
|
|
|
|
<sect1>I am getting <tt>"CRITICAL connection timed"</tt> while I am able to browse
|
|
the site normally?
|
|
|
|
<p>
|
|
There are few IDSes that filter out all sqlmap requests based on default
|
|
User-Agent HTTP header used (e.g. <tt>"User-agent: sqlmap/1.0-dev"</tt>). To prevent this
|
|
kind of situations you are advised to use switch <tt>-</tt><tt>-random-agent</tt>.
|
|
If you are getting those kind of messages for all targets then you
|
|
most probably need to properly set up your proxy settings (switches <tt>-</tt><tt>-proxy</tt>
|
|
and/or <tt>-</tt><tt>-ignore-proxy</tt>)
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1241" name="#1">
|
|
|
|
<sect1>Is it possible to use <tt>"INSERT/UPDATE"</tt> SQL commands via <tt>-</tt><tt>-sql-query</tt>
|
|
and/or <tt>-</tt><tt>-sql-shell</tt>?
|
|
|
|
<p>
|
|
It is possible to use those commands, but only if the stacked injection is supported
|
|
by the vulnerable target. In vast majority of cases affected DBMSes by these kind of
|
|
attacks are Microsoft SQL Server and PostgreSQL.
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1237" name="#1">
|
|
|
|
<sect1>I am getting <tt>"finally: SyntaxError: invalid syntax"</tt> when trying to run sqlmap?
|
|
|
|
<p>
|
|
You are most probably using outdated version of Python. sqlmap is generally
|
|
supported by Python versions in range 2.5, 2.6 and 2.7, while you are strongly
|
|
advised to use versions 2.6 and 2.7.
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1231" name="#1">
|
|
|
|
<sect1>sqlmap is not able to detect/exploit injection while other commercial tools are?
|
|
|
|
<p>
|
|
In most of those kind of cases blatant error message detection is used by commercial
|
|
tools making some "false positive" claims. You have to be aware that
|
|
DBMS error message doesn't mean that the affected web application is vulnerable to
|
|
SQL injection attacks. sqlmap goes several steps further and never claims
|
|
an injection point without making through tests if it can be exploited at the first place.
|
|
|
|
<p>
|
|
Question(s):
|
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/970" name="#1">
|
|
|
|
</article>
|