diff --git a/doc/ChangeLog b/doc/ChangeLog index bc391b4fd..ae84d3f28 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,11 +1,16 @@ sqlmap (0.6.3-1) stable; urgency=low + * Minor enhancement to be able to specify the number of seconds to wait + between each HTTP request; + * Minor improvements to sqlmap Debian package files: sqlmap uploaded + to official Debian project repository; + * Minor bug fix to handle session.error and session.timeout in HTTP + requests; * Minor bug fix to correctly dump table entries when the column is provided; -- Bernardo Damele A. G. Day, X YYY 2008 10:00:00 +0000 - sqlmap (0.6.2-1) stable; urgency=low * Major bug fix to correctly dump tables entries when --stop is not @@ -32,7 +37,6 @@ sqlmap (0.6.2-1) stable; urgency=low -- Bernardo Damele A. G. Sun, 2 Nov 2008 19:00:00 +0000 - sqlmap (0.6.1-1) stable; urgency=low * Major bug fix to blind SQL injection bisection algorithm to handle an @@ -54,7 +58,6 @@ sqlmap (0.6.1-1) stable; urgency=low -- Bernardo Damele A. G. Fri, 20 Oct 2008 10:00:00 +0000 - sqlmap (0.6-1) stable; urgency=low * Complete code refactor and many bugs fixed; @@ -120,7 +123,6 @@ sqlmap (0.6-1) stable; urgency=low -- Bernardo Damele A. G. Mon, 1 Sep 2008 10:00:00 +0100 - sqlmap (0.5-1) stable; urgency=low * Added support for Oracle database management system @@ -168,7 +170,6 @@ sqlmap (0.5-1) stable; urgency=low -- Bernardo Damele A. G. Sun, 4 Nov 2007 20:00:00 +0100 - sqlmap (0.4-1) stable; urgency=low * Added DBMS fingerprint based also upon HTML error messages parsing @@ -214,7 +215,6 @@ sqlmap (0.4-1) stable; urgency=low -- Bernardo Damele A. G. Fri, 15 Jun 2007 20:00:00 +0100 - sqlmap (0.3-1) stable; urgency=low * Added module for MS SQL Server; @@ -235,7 +235,6 @@ sqlmap (0.3-1) stable; urgency=low -- Bernardo Damele A. G. Sat, 20 Jan 2007 20:00:00 +0100 - sqlmap (0.2-1) stable; urgency=low * complete refactor of entire program; diff --git a/doc/README.html b/doc/README.html index 87c45b56a..421e8d2ec 100644 
--- a/doc/README.html
+++ b/doc/README.html
@@ -8,7 +8,7 @@

sqlmap user's manual

by -Bernardo Damele A. G.

version 0.6.2, 4th of November 2008 +Bernardo Damele A. G.version 0.6.3, DDth of November 2008
This document is the user's manual to use sqlmap. @@ -295,19 +295,19 @@ It is available in various formats:

@@ -334,7 +334,7 @@ and
 $ python sqlmap.py -h
 
-    sqlmap/0.6.2 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
+    sqlmap/0.6.3 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
                         and Daniele Bellucci <daniele.bellucci@gmail.com>
     
 Usage: sqlmap.py [options] {-u <URL> | -g <google dork> | -c <config file>}
@@ -535,7 +535,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat
 [hh:mm:28] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 [hh:mm:29] [INFO] testing MySQL
@@ -544,7 +544,7 @@ Connection: close
 GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20
 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%207994=7994&cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 
@@ -562,7 +562,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat [hh:mm:32] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:32] [TRAFFIC IN] HTTP response (OK - 200): @@ -580,7 +580,7 @@ Content-Type: text/html GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%204435=4435&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:33] [TRAFFIC IN] HTTP response (OK - 200): @@ -607,7 +607,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat [hh:mm:23] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:23] [TRAFFIC IN] HTTP response (OK - 200): @@ -632,7 +632,7 @@ Content-Type: text/html GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2851%29%2C%20 CHAR%2851%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%201855=1855&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:24] [TRAFFIC IN] HTTP response (OK - 200): @@ -749,7 +749,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1&ca
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2" -v 1 \
-  -p user-agent --user-agent "sqlmap/0.6.2 (http://sqlmap.sourceforge.net)"
+  -p user-agent --user-agent "sqlmap/0.6.3 (http://sqlmap.sourceforge.net)"
 
 [hh:mm:40] [WARNING] the testable parameter 'user-agent' you provided is not into the GET
 [hh:mm:40] [INFO] testing connection to the target url
@@ -895,7 +895,7 @@ $ python sqlmap.py -u "http://192.168.1.125/sqlmap/get_str.asp?name=luther" -v 3
 [hh:mm:39] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/get_str.asp?name=luther HTTP/1.1
 Host: 192.168.1.125:80
-User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net)
 Cookie: ASPSESSIONIDSABTRCAS=HPCBGONANJBGFJFHGOKDMCGJ
 Connection: close
 
@@ -907,7 +907,7 @@ Connection: close
 GET /sqlmap/get_str.asp?name=luther HTTP/1.1
 Host: 192.168.1.125:80
 Cookie: ASPSESSIONIDSABTRCAS=469
-User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:40] [WARNING] Cookie parameter 'ASPSESSIONIDSABTRCAS' is not dynamic
@@ -955,7 +955,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1&ca
 GET /sqlmap/pgsql/get_int.php?id=1&cat=2 HTTP/1.1
 Host: 192.168.1.121:80
 Referer: http://www.google.com
-User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 
@@ -972,7 +972,7 @@ Connection: close

-sqlmap/0.6.2 (http://sqlmap.sourceforge.net)
+sqlmap/0.6.3 (http://sqlmap.sourceforge.net)
 

@@ -1058,7 +1058,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/basic/get_int.php?id=1& GET /sqlmap/mysql/basic/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1075,7 +1075,7 @@ nonce="qcL9udlSBAA=f3b77da349fcfbf1a59ba37b21e291341159598f", uri="/sqlmap/mysql/digest/get_int.php?id=1&cat=2", response="e1bf3738b4bbe04e197a12fb134e13a2", algorithm="MD5", qop=auth, nc=00000001, cnonce="df1c0902c931b640" -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1164,6 +1164,14 @@ character of the query output. The thread then ends after approximately seven HTTP requests, the maximum to retrieve a query output character.

+

Delay in seconds between each HTTP request

+ +

Option: --delay

+ +

It is possible to specify a number of seconds to wait between each HTTP +request. The valid value is a float, for instance 0.5.

+ +

5.2 Injection

@@ -1200,7 +1208,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int_refresh.php?id= [hh:mm:50] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:50] [TRAFFIC IN] HTTP response (OK - 200): @@ -1222,7 +1230,7 @@ Content-Type: text/html [hh:mm:51] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): @@ -1244,7 +1252,7 @@ Content-Type: text/html [hh:mm:51] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): @@ -2072,7 +2080,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ @@ -2126,7 +2134,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 5 | | nameisnull | +----+----------------------------------------------+-------------------+ 
@@ -2140,7 +2148,7 @@ $ cat /software/sqlmap/output/192.168.1.121/dump/public/users.csv "1","luther","blissett" "2","fluffy","bunny" "3","wu","ming" -"4","sqlmap/0.6.2 (http://sqlmap.sourceforge.net)","user agent header" +"4","sqlmap/0.6.3 (http://sqlmap.sourceforge.net)","user agent header" "5","","nameisnull"
@@ -2170,7 +2178,7 @@ Table: users +----+----------------------------------------------+-------------------+ | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | +----+----------------------------------------------+-------------------+ @@ -2201,7 +2209,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ @@ -2291,7 +2299,7 @@ Table: users +----+----------------------------------------------+-------------------+ | id | name | surname | +----+----------------------------------------------+-------------------+ -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 2 | fluffy | bunny | | 1 | luther | blisset | | 3 | wu | ming | @@ -2854,7 +2862,7 @@ GET /sqlmap/mysql/get_int.php?id=1%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28C %2C%20CHAR%2832%29%29%2CCHAR%28122%2C110%2C105%2C89%2C121%2C65%29%29%2C%20NULL--%20AND%2 06043=6043&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:25] [TRAFFIC IN] HTTP response (OK - 200): @@ -2996,7 +3004,7 @@ $ python sqlmap.py --update -v 4 [hh:mm:55] [TRAFFIC OUT] HTTP request: GET /doc/VERSION HTTP/1.1 Host: sqlmap.sourceforge.net -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:55] [TRAFFIC IN] HTTP response (OK - 200): 
@@ -3015,7 +3023,7 @@ X-Pad: avoid browser bug [hh:mm:56] [TRAFFIC OUT] HTTP request: GET /FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx HTTP/1.1 Host: www.sqlsecurity.com -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Cookie: .ASPXANONYMOUS=dvus03cqyQEkAAAANDI0M2QzZmUtOGRkOS00ZDQxLThhMTUtN2ExMWJiNWVjN2My0; language=en-US Connection: close diff --git a/doc/README.pdf b/doc/README.pdf index dcf086f2e..78d54b3e6 100644 Binary files a/doc/README.pdf and b/doc/README.pdf differ diff --git a/doc/README.sgml b/doc/README.sgml index af7159e57..345fb7bd2 100644 --- a/doc/README.sgml +++ b/doc/README.sgml @@ -4,7 +4,7 @@ sqlmap user's manual <author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G."> -<date>version 0.6.2, 4th of November 2008 +<date>version 0.6.3, DDth of November 2008 <abstract> This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">. Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage"> 
@@ -257,19 +257,19 @@ name="SourceForge File List page">. It is available in various formats: <itemize> -<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2.tar.gz" +<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3.tar.gz" name="Source gzip compressed"> operating system independent. -<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2.tar.bz2" +<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3.tar.bz2" name="Source bzip2 compressed"> operating system independent. -<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2.zip" +<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3.zip" name="Source zip compressed"> operating system independent. -<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.2-1_all.deb" +<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.3-1_all.deb" name="DEB binary package"> architecture independent for Debian and any other Debian derivated GNU/Linux distribution. -<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2-1.noarch.rpm" +<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3-1.noarch.rpm" name="RPM binary package"> architecture independent for Fedora and any other operating system that can install RPM packages. -<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2_exe.zip" +<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3_exe.zip" name="Portable executable for Windows"> that <bf>does not require the Python interpreter</bf> to be installed on the operating system. </itemize> 
@@ -297,7 +297,7 @@ and <htmlurl url="mailto:daniele.bellucci@gmail.com" name="Daniele Bellucci">. <tscreen><verb> $ python sqlmap.py -h - sqlmap/0.6.2 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com> + sqlmap/0.6.3 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com> and Daniele Bellucci <daniele.bellucci@gmail.com> Usage: sqlmap.py [options] {-u <URL> | -g <google dork> | -c <config file>} @@ -493,7 +493,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat [hh:mm:28] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [...] [hh:mm:29] [INFO] testing MySQL @@ -502,7 +502,7 @@ Connection: close GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%207994=7994&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [...] </verb></tscreen> @@ -518,7 +518,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat [hh:mm:32] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:32] [TRAFFIC IN] HTTP response (OK - 200): @@ -536,7 +536,7 @@ Content-Type: text/html GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%204435=4435&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:33] [TRAFFIC IN] HTTP response (OK - 200): 
@@ -561,7 +561,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat [hh:mm:23] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:23] [TRAFFIC IN] HTTP response (OK - 200): @@ -586,7 +586,7 @@ Content-Type: text/html GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2851%29%2C%20 CHAR%2851%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%201855=1855&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:24] [TRAFFIC IN] HTTP response (OK - 200): @@ -701,7 +701,7 @@ Example on a <bf>MySQL 5.0.51</bf> target: <tscreen><verb> $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2" -v 1 \ - -p user-agent --user-agent "sqlmap/0.6.2 (http://sqlmap.sourceforge.net)" + -p user-agent --user-agent "sqlmap/0.6.3 (http://sqlmap.sourceforge.net)" [hh:mm:40] [WARNING] the testable parameter 'user-agent' you provided is not into the GET [hh:mm:40] [INFO] testing connection to the target url @@ -846,7 +846,7 @@ $ python sqlmap.py -u "http://192.168.1.125/sqlmap/get_str.asp?name=luther" -v 3 [hh:mm:39] [TRAFFIC OUT] HTTP request: GET /sqlmap/get_str.asp?name=luther HTTP/1.1 Host: 192.168.1.125:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Cookie: ASPSESSIONIDSABTRCAS=HPCBGONANJBGFJFHGOKDMCGJ Connection: close 
@@ -858,7 +858,7 @@ Connection: close GET /sqlmap/get_str.asp?name=luther HTTP/1.1 Host: 192.168.1.125:80 Cookie: ASPSESSIONIDSABTRCAS=469 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:40] [WARNING] Cookie parameter 'ASPSESSIONIDSABTRCAS' is not dynamic @@ -905,7 +905,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1&ca GET /sqlmap/pgsql/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 Referer: http://www.google.com -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [...] </verb></tscreen> @@ -921,7 +921,7 @@ By default sqlmap perform HTTP requests providing the following HTTP <tt>User-Agent</tt> header value: <tscreen><verb> -sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +sqlmap/0.6.3 (http://sqlmap.sourceforge.net) </verb></tscreen> <p> @@ -1006,7 +1006,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/basic/get_int.php?id=1& GET /sqlmap/mysql/basic/get_int.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [...] @@ -1023,7 +1023,7 @@ nonce="qcL9udlSBAA=f3b77da349fcfbf1a59ba37b21e291341159598f", uri="/sqlmap/mysql/digest/get_int.php?id=1&cat=2", response="e1bf3738b4bbe04e197a12fb134e13a2", algorithm="MD5", qop=auth, nc=00000001, cnonce="df1c0902c931b640" -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [...] </verb></tscreen> 
@@ -1108,6 +1108,16 @@ character of the query output. The thread then ends after approximately seven HTTP requests, the maximum to retrieve a query output character. +<sect2>Delay in seconds between each HTTP request + +<p> +Option: <tt>--delay</tt> + +<p> +It is possible to specify a number of seconds to wait between each HTTP +request. The valid value is a float, for instance 0.5. + + <sect1>Injection <sect2>String match @@ -1145,7 +1155,7 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int_refresh.php?id= [hh:mm:50] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:50] [TRAFFIC IN] HTTP response (OK - 200): @@ -1167,7 +1177,7 @@ Content-Type: text/html [hh:mm:51] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): @@ -1189,7 +1199,7 @@ Content-Type: text/html [hh:mm:51] [TRAFFIC OUT] HTTP request: GET /sqlmap/mysql/get_int_refresh.php?id=1&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): @@ -2008,7 +2018,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ </verb></tscreen> 
@@ -2060,7 +2070,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 5 | | nameisnull | +----+----------------------------------------------+-------------------+ @@ -2074,7 +2084,7 @@ $ cat /software/sqlmap/output/192.168.1.121/dump/public/users.csv "1","luther","blissett" "2","fluffy","bunny" "3","wu","ming" -"4","sqlmap/0.6.2 (http://sqlmap.sourceforge.net)","user agent header" +"4","sqlmap/0.6.3 (http://sqlmap.sourceforge.net)","user agent header" "5","","nameisnull" </verb></tscreen> @@ -2102,7 +2112,7 @@ Table: users +----+----------------------------------------------+-------------------+ | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | +----+----------------------------------------------+-------------------+ </verb></tscreen> @@ -2134,7 +2144,7 @@ Table: users | 1 | luther | blissett | | 2 | fluffy | bunny | | 3 | wu | ming | -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 5 | NULL | nameisnull | +----+----------------------------------------------+-------------------+ @@ -2223,7 +2233,7 @@ Table: users +----+----------------------------------------------+-------------------+ | id | name | surname | +----+----------------------------------------------+-------------------+ -| 4 | sqlmap/0.6.2 (http://sqlmap.sourceforge.net) | user agent header | +| 4 | sqlmap/0.6.3 (http://sqlmap.sourceforge.net) | user agent header | | 2 | fluffy | bunny | | 1 | luther | blisset | | 3 | wu | ming | 
@@ -2774,7 +2784,7 @@ GET /sqlmap/mysql/get_int.php?id=1%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28C %2C%20CHAR%2832%29%29%2CCHAR%28122%2C110%2C105%2C89%2C121%2C65%29%29%2C%20NULL--%20AND%2 06043=6043&cat=2 HTTP/1.1 Host: 192.168.1.121:80 -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:25] [TRAFFIC IN] HTTP response (OK - 200): @@ -2913,7 +2923,7 @@ $ python sqlmap.py --update -v 4 [hh:mm:55] [TRAFFIC OUT] HTTP request: GET /doc/VERSION HTTP/1.1 Host: sqlmap.sourceforge.net -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Connection: close [hh:mm:55] [TRAFFIC IN] HTTP response (OK - 200): @@ -2932,7 +2942,7 @@ X-Pad: avoid browser bug [hh:mm:56] [TRAFFIC OUT] HTTP request: GET /FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx HTTP/1.1 Host: www.sqlsecurity.com -User-agent: sqlmap/0.6.2 (http://sqlmap.sourceforge.net) +User-agent: sqlmap/0.6.3 (http://sqlmap.sourceforge.net) Cookie: .ASPXANONYMOUS=dvus03cqyQEkAAAANDI0M2QzZmUtOGRkOS00ZDQxLThhMTUtN2ExMWJiNWVjN2My0; language=en-US Connection: close diff --git a/doc/THANKS b/doc/THANKS index 9929174b4..91a78b019 100644 --- a/doc/THANKS +++ b/doc/THANKS @@ -9,6 +9,10 @@ Karl Chen <quarl@cs.berkeley.edu> for providing with the multithreading patch for the inference algorithm +Pierre Chifflier <pollux@debian.org> + for uploading the sqlmap 0.6.2 Debian package to the official Debian + project repository + Stefano Di Paola <stefano.dipaola@wisec.it> for suggesting good features @@ -91,6 +95,10 @@ Richard Safran <allapplyhere@yahoo.com> Tomoyuki Sakurai <cherry@trombik.org> for submitting to the FreeBSD project the sqlmap 0.5 port +Sven Schluter <sschlueter@netzwerk.cc> + for providing with a patch for waiting a number of seconds between + each HTTP request + M Simkin <mlsimkin@cox.net> for suggesting a feature 
@@ -113,6 +121,9 @@ Bedirhan Urgun <bedirhanurgun@gmail.com> for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench +Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com> + for reporting an unhandled connection exception + fufuh <fufuh@users.sourceforge.net> for reporting a bug when running on Windows diff --git a/lib/core/option.py b/lib/core/option.py index 29504e468..c0f4064dc 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -402,6 +402,9 @@ def __cleanupOptions(): if conf.user: conf.user = conf.user.replace(" ", "") + if conf.delay: + conf.delay = float(conf.delay) + def __setConfAttributes(): """ @@ -488,7 +491,7 @@ def __saveCmdline(): if value == None: if datatype == "boolean": value = "False" - elif datatype == "integer": + elif datatype in ( "integer", "float" ): if option == "threads": value = "1" else: diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index ee9008356..eac3bdeae 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -40,6 +40,7 @@ optDict = { "aCred": "string", "proxy": "string", "threads": "integer", + "delay": "float", }, "Injection": { diff --git a/lib/core/settings.py b/lib/core/settings.py index 45eca8a44..5c86ab35b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -30,7 +30,7 @@ import sys # sqlmap version and site -VERSION = "0.6.2" +VERSION = "0.6.3-rc1" VERSION_STRING = "sqlmap/%s" % VERSION SITE = "http://sqlmap.sourceforge.net" diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index f67eaff1d..de4cc0e48 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -89,6 +89,10 @@ def cmdLineParser(): help="Maximum number of concurrent HTTP " "requests (default 1)") + request.add_option("--delay", dest="delay", type="float", + help="Delay in seconds between each HTTP request") + + # Injection options injection = OptionGroup(parser, "Injection") 
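Review bot: In lib/core/option.py, `__cleanupOptions()` now runs `conf.delay = float(conf.delay)` with nothing around it to catch a failed conversion or reject an unusable value. A value read from the configuration file presumably arrives as a string, so a typo there would surface as a raw `ValueError` traceback instead of a readable option error. Negative numbers are accepted here and only ignored later by the `conf.delay > 0` test in lib/request/connect.py. Validate once at this point: wrap the conversion in `try: ... except ValueError:`, report it through the project's usual option-error path, and reject `conf.delay < 0`. The body of `__cleanupOptions()` starts and continues outside this hunk.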
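Review bot: The `--delay` help string in lib/parse/cmdline.py does not say what happens when the option is omitted, while the `--threads` help just above it ends with "(default 1)" and sqlmap.conf documents `Default: 0` for the same setting. Suggest `help="Delay in seconds between each HTTP request (default 0, no delay)"` so the command line and the configuration file agree. The hunk also leaves two blank lines before `# Injection options`, where one matches the surrounding layout. `cmdLineParser()` starts and continues outside the hunk.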
diff --git a/lib/request/connect.py b/lib/request/connect.py index 88cdc2b12..e31aaeac0 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -26,6 +26,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA import md5 import re +import socket +import time import urllib2 import urlparse @@ -156,7 +158,7 @@ class Connect: status = e.msg responseHeaders = e.info() - except urllib2.URLError, e: + except (urllib2.URLError, socket.error), _: warnMsg = "unable to connect to the target url" if conf.googleDork: @@ -168,6 +170,18 @@ class Connect: warnMsg += " or proxy" raise sqlmapConnectionException, warnMsg + except socket.timeout, _: + warnMsg = "connection timed out to the target url" + + if conf.googleDork: + warnMsg += ", skipping to next url" + logger.warn(warnMsg) + + return None + else: + warnMsg += " or proxy" + raise sqlmapConnectionException, warnMsg + parsePage(page) responseMsg += "(%s - %d):\n" % (status, code) @@ -178,6 +192,9 @@ class Connect: logger.log(8, responseMsg) + if conf.delay != None and isinstance(conf.delay, (int, float)) and conf.delay > 0: + time.sleep(conf.delay) + return page diff --git a/sqlmap.conf b/sqlmap.conf index 657676f44..719765068 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -56,9 +56,15 @@ proxy = # Maximum number of concurrent HTTP requests (handled with Python threads) # to be used in the inference SQL injection attack. +# Valid: integer # Default: 1 threads = 1 +# Delay in seconds between each HTTP request. +# Valid: float +# Default: 0 +delay = 0 + [Injection] @@ -151,12 +157,12 @@ user = excludeSysDbs = False # First table entry to dump (cursor start) -# Valid: number +# Valid: integer # Default: 0 (sqlmap will start to dump the table entries from the first) limitStart = 0 # Last table entry to dump (cursor stop) -# Valid: number +# Valid: integer # Default: 0 (sqlmap will detect the number of table entries and dump # until the last) limitStop = 0 
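Review bot: The `except socket.timeout, _:` branch added in the `@@ -168,6 +170,18 @@` hunk of lib/request/connect.py can never run. The handler changed in the `@@ -156,7 +158,7 @@` hunk is now `except (urllib2.URLError, socket.error), _:`, and `socket.timeout` is a subclass of `socket.error`, so the earlier clause catches every timeout. A timed-out request is therefore reported as "unable to connect to the target url", and the "connection timed out to the target url" message is dead code. Move the `except socket.timeout, _:` clause above `except (urllib2.URLError, socket.error), _:`; since the two bodies differ only in their first message, they could also share one helper. The enclosing method starts and ends outside these hunks.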
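Review bot: The `time.sleep(conf.delay)` added just before `return page` runs only after a response has been received and logged; the `return None` and `raise sqlmapConnectionException` paths in the handlers above skip it, so requests that fail are not spaced out. If this method is called from several worker threads (the `threads` option), each thread presumably sleeps on its own, so the aggregate rate is roughly `threads / delay` requests per second rather than one request per `delay`. That is worth a comment here and a sentence in the `--delay` documentation, since operators rely on this setting to avoid overloading the system under test. The condition can also be shortened to `if isinstance(conf.delay, (int, float)) and conf.delay > 0:`, because the `conf.delay != None` test is already implied by the `isinstance` check. The enclosing method starts outside the hunk.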
@@ -173,7 +179,7 @@ sqlShell = False [File system] # Read a specific OS file content (only on MySQL). -# Examples: '/etc/passwd' or 'C:\boot.ini' +# Examples: /etc/passwd or C:\boot.ini rFile = # Write to a specific OS file (not yet available). @@ -206,7 +212,7 @@ unionUse = False eta = False # Verbosity level. -# Valid values: +# Valid: integer between 0 and 5 # 0: Silent # 1: Show info messages # 2: Show also debug messages