Updated to sqlmap 0.7 release candidate 1
82
sqlmap.conf
82
sqlmap.conf
@@ -2,7 +2,21 @@
|
||||
|
||||
# Target URL.
|
||||
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
||||
url =
|
||||
# Windows Server 2003 Service Pack 2 virtual machine
|
||||
#url = http://192.168.62.154/sqlmap/mysql/iis/get_int.asp?id=1
|
||||
#url = http://192.168.62.154/sqlmap/mysql/iis/get_int.aspx?id=1
|
||||
#url = http://192.168.62.154/sqlmap/mysql/iis/get_int_51.aspx?id=1
|
||||
#url = http://192.168.62.154/sqlmap/pgsql/iis/get_int.asp?id=1
|
||||
#url = http://192.168.62.154/sqlmap/pgsql/iis/get_int.aspx?id=1
|
||||
#url = http://192.168.62.154/sqlmap/mssql/iis/get_str.asp?name=luther
|
||||
url = http://192.168.62.154/sqlmap/mssql/iis/get_str2.asp?name=luther
|
||||
#url = http://192.168.62.154/sqlmap/mssql/iis/get_str2_user.asp?name=luther
|
||||
# Ubuntu 8.10 (Intrepid Ibex) virtual machine
|
||||
#url = http://192.168.62.146/sqlmap/mysql/get_int.php?id=1
|
||||
#url = http://192.168.62.146/sqlmap/mssql/get_int.php?id=1
|
||||
#url = http://192.168.62.146/sqlmap/oracle/get_int.php?id=1
|
||||
#url = http://10.0.0.58/sqlmap/pgsql/get_int.php?id=1
|
||||
#url = http://192.168.62.146/sqlmap/pgsql/get_int_partialunion.php?id=1
|
||||
|
||||
# Parse targets from Burp or WebScarab logs
|
||||
# Valid: Burp proxy (http://portswigger.net/suite/) requests log file path
|
||||
@@ -46,7 +60,7 @@ agent =
|
||||
userAgentsFile =
|
||||
|
||||
# Extra HTTP headers
|
||||
# Note: there must be a space at the beginning of each header line
|
||||
# Note: There must be a space at the beginning of each header line.
|
||||
headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
|
||||
Accept-Language: en-us,en;q=0.5
|
||||
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
|
||||
@@ -81,6 +95,11 @@ delay = 0
|
||||
# Default: 30
|
||||
timeout = 30
|
||||
|
||||
# Maximum number of retries when the HTTP connection timeouts.
|
||||
# Valid: integer
|
||||
# Default: 3
|
||||
retries = 3
|
||||
|
||||
|
||||
[Injection]
|
||||
|
||||
@@ -94,6 +113,14 @@ testParameter =
|
||||
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
|
||||
dbms =
|
||||
|
||||
# Force back-end DBMS operating system to this value. If this option is
|
||||
# set, the back-end DBMS identification process will be minimized as
|
||||
# needed.
|
||||
# If not set, sqlmap will detect back-end DBMS operating system
|
||||
# automatically by default.
|
||||
# Valid: linux, windows
|
||||
os =
|
||||
|
||||
# Injection payload prefix string
|
||||
prefix =
|
||||
|
||||
@@ -137,6 +164,11 @@ stackedTest = False
|
||||
# Valid: True or False
|
||||
timeTest = False
|
||||
|
||||
# Seconds to delay the response from the DBMS.
|
||||
# Valid: integer
|
||||
# Default: 5
|
||||
timeSec = 5
|
||||
|
||||
# Test for UNION query (inband) SQL injection.
|
||||
# Valid: True or False
|
||||
unionTest = False
|
||||
@@ -254,22 +286,56 @@ sqlShell = False
|
||||
|
||||
[File system]
|
||||
|
||||
# Read a specific OS file content (only on MySQL).
|
||||
# Read a specific file from the back-end DBMS underlying file system.
|
||||
# Examples: /etc/passwd or C:\boot.ini
|
||||
rFile =
|
||||
|
||||
# Write to a specific OS file (not yet available).
|
||||
# Write a local file to a specific path on the back-end DBMS underlying
|
||||
# file system.
|
||||
# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
|
||||
wFile =
|
||||
|
||||
# Back-end DBMS absolute filepath to write the file to.
|
||||
dFile =
|
||||
|
||||
|
||||
[Takeover]
|
||||
|
||||
# Prompt for an interactive OS shell (only on PHP/MySQL environment with a
|
||||
# writable directory within the web server document root for the moment).
|
||||
# Execute an operating system command.
|
||||
# Valid: operating system command
|
||||
osCmd =
|
||||
|
||||
# Prompt for an interactive operating system shell.
|
||||
# Valid: True or False
|
||||
osShell = False
|
||||
|
||||
# Prompt for an out-of-band shell, meterpreter or VNC.
|
||||
# Valid: True or False
|
||||
osPwn = False
|
||||
|
||||
# One click prompt for an out-of-band shell, meterpreter or VNC.
|
||||
# Valid: True or False
|
||||
osSmb = False
|
||||
|
||||
# Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored
|
||||
# procedure heap-based buffer overflow (MS09-004) exploitation.
|
||||
# Valid: True or False
|
||||
osBof = False
|
||||
|
||||
# Local User privilege escalation by abusing Windows access tokens using
|
||||
# Meterpreter incognito extension.
|
||||
# Note: Use in conjunction with osPwn or osSmb. It will force the payload
|
||||
# to be Meterpreter.
|
||||
privEsc = False
|
||||
|
||||
# Local path where Metasploit Framework 3 is installed.
|
||||
# Valid: file system path
|
||||
msfPath =
|
||||
|
||||
# Remote absolute path of temporary files directory.
|
||||
# Valid: absolute file system path
|
||||
tmpPath =
|
||||
|
||||
|
||||
[Miscellaneous]
|
||||
|
||||
@@ -299,3 +365,7 @@ sessionFile =
|
||||
# Never ask for user input, use the default behaviour.
|
||||
# Valid: True or False
|
||||
batch = False
|
||||
|
||||
# Clean up the DBMS by sqlmap specific UDF and tables
|
||||
# Valid: True or False
|
||||
cleanup = False
|
||||
|
||||
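Review bot: The first hunk (`@@ -2,7 +2,21 @@`) puts an active `url = http://192.168.62.154/sqlmap/mssql/iis/get_str2.asp?name=luther` into the shipped default configuration, next to twelve commented-out lab URLs. The +/- markers are lost on this page, but the hunk's line counts (7 old, 21 new, 22 shown) suggest the empty `url =` default is the one line removed. With a target preset, anyone who runs the tool against this file unedited sends injection tests to whatever host answers at that private address on their own network, a host they never selected and may not be authorised to test. The release default should stay `url =`, with the test-lab targets kept in a developer-only file that is not packaged.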