mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Updated Usage (markdown)
parent
cc586e0e3f
commit
13bec54bcd
4
Usage.md
4
Usage.md
|
@ -726,7 +726,7 @@ For instance, to skip testing for HTTP header `User-Agent` and HTTP header `Refe
|
||||||
|
|
||||||
#### URI injection point
|
#### URI injection point
|
||||||
|
|
||||||
There are special cases when injection point is within the URI itself. sqlmap does not perform any automatic test against URI paths, unless manually pointed to. You have to specify these injection points in the command line by appending an asterisk (`*`) after each URI point that you want sqlmap to test for and exploit a SQL injection.
|
There are special cases when injection point is within the URI itself. sqlmap does not perform any automatic test against URI paths, unless manually pointed to. You have to specify these injection points in the command line by appending an asterisk (`*`) (Note: Havij style `%INJECT HERE%` is also supported) after each URI point that you want sqlmap to test for and exploit a SQL injection.
|
||||||
|
|
||||||
This is particularly useful when, for instance, Apache web server's [mod_rewrite](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) module is in use or other similar technologies.
|
This is particularly useful when, for instance, Apache web server's [mod_rewrite](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) module is in use or other similar technologies.
|
||||||
|
|
||||||
|
@ -738,7 +738,7 @@ $ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
|
||||||
|
|
||||||
#### Arbitrary injection point
|
#### Arbitrary injection point
|
||||||
|
|
||||||
Similar to URI injection point, asterisk (`*`) can also be used to point to the arbitrary injection point inside GET, POST or HTTP headers. Injection point can be specified by marking it inside the GET parameter value(s) provided with option `-u`, POST parameter value(s) provided with option `--data`, HTTP header value(s) provided with options `-H`, `--headers`, `--user-agent`, `--referer` and/or `--cookie`, or at generic place inside HTTP request loaded from file with option `-r`.
|
Similar to URI injection point, asterisk (`*`) (Note: Havij style `%INJECT HERE%` is also supported) can also be used to point to the arbitrary injection point inside GET, POST or HTTP headers. Injection point can be specified by marking it inside the GET parameter value(s) provided with option `-u`, POST parameter value(s) provided with option `--data`, HTTP header value(s) provided with options `-H`, `--headers`, `--user-agent`, `--referer` and/or `--cookie`, or at generic place inside HTTP request loaded from file with option `-r`.
|
||||||
|
|
||||||
An example of valid command line would be:
|
An example of valid command line would be:
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user