@@ -101,9 +101,127 @@ some money"> to the developers via PayPal.
101101<p>
102102<bf>No</bf>.
103103
104- <sect1>How sqlmap decides this and that ?
104+ <sect1>When sqlmap will switch to the Python 3 ?
105105
106106<p>
107- TODO
107+ Currently there is no huge pressure on Python projects to switch to the new
108+ version of Python interpreter, as the process of switching, especially on
109+ larger projects can be cumbersome (due to the few backward incompatibilities).
110+ The switch will take place eventually, but currently it's a very low priority task.
111+
112+ <sect1>What does <tt>"WARNING unknown charset '...'"</tt> mean?
113+
114+ <p>
115+ sqlmap needs to properly decode page content to be able to properly
116+ detect and deal with internationalized characters. In some cases web developers
117+ are doing mistakes when declaring used web page charset (e.g. <tt>iso_8859</tt> instead
118+ of standardized name <tt>iso-8859</tt>), which can cause problems. As a failsafe mechanism
119+ we've incorporated heuristic detection engine
120+ <htmlurl url="http://chardet.feedparser.org/" name="chardet">,
121+ so in most cases sqlmap will deal with this kind of problems automatically.
122+ Nevertheless, you are strongly advised to report us back those typographic "mistakes"
123+ so we could handle them manually inside the code.
124+
125+ <p>
126+ Question(s):
127+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/737" name="#1">
128+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1232" name="#2">
129+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1239" name="#3">
130+
131+ <sect1>How to use sqlmap with <tt>mod_rewrite</tt> enabled?
132+
133+ <p>
134+ Just put * to the place where sqlmap should check for injections in URI
135+ itself. In example: <tt>./sqlmap.py -u "www.site.com/id1/1*/id2/2"</tt> sqlmap
136+ will try to inject the payloads just at that place marked with * character.
137+
138+ <p>
139+ Question(s):
140+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/731" name="#1">
141+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/728" name="#2">
142+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1258" name="#3">
143+
144+ <sect1>Why is sqlmap not able to get password hashes in some cases?
145+
146+ <p>
147+ You most probably don't have enough permissions for querying on a system
148+ table containing password hashes.
149+
150+ <p>
151+ Question(s):
152+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/714" name="#1">
153+
154+ <sect1>What is <tt>-</tt><tt>-text-only</tt> switch?
155+
156+ <p>
157+ Switch <tt>-</tt><tt>-text-only</tt> is used for removing non-textual data (tags,
158+ javascripts, styles,...) from the retrieved page content to further
159+ improve detection capabilities.
160+
161+ <p>
162+ Question(s):
163+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/699" name="#1">
164+
165+ <sect1>sqlmap is retrieving weird characters for even simplest data (e.g. <tt>--banner</tt>)?
166+
167+ <p>
168+ If everything you retrieve from the target is garbled, then you are
169+ most probably dealing with false positive blind injection. Please
170+ report the problem to the <htmlurl url="mailto:
[email protected] " name="developers">.
171+
172+ <p>
173+ Question(s):
174+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/686" name="#1">
175+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1181" name="#2">
176+
177+ <sect1>I am getting <tt>"CRITICAL connection timed"</tt> while I am able to browse
178+ the site normally?
179+
180+ <p>
181+ There are few IDSes that filter out all sqlmap requests based on default
182+ User-Agent HTTP header used (e.g. <tt>"User-agent: sqlmap/1.0-dev"</tt>). To prevent this
183+ kind of situations you are advised to use switch <tt>-</tt><tt>-random-agent</tt>.
184+ If you are getting those kind of messages for all targets then you
185+ most probably need to properly set up your proxy settings (switches <tt>-</tt><tt>-proxy</tt>
186+ and/or <tt>-</tt><tt>-ignore-proxy</tt>)
187+
188+ <p>
189+ Question(s):
190+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1241" name="#1">
191+
192+ <sect1>Is it possible to use <tt>"INSERT/UPDATE"</tt> SQL commands via <tt>-</tt><tt>-sql-query</tt>
193+ and/or <tt>-</tt><tt>-sql-shell</tt>?
194+
195+ <p>
196+ It is possible to use those commands, but only if the stacked injection is supported
197+ by the vulnerable target.
198+
199+ <p>
200+ Question(s):
201+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1237" name="#1">
202+
203+ <sect1>I am getting <tt>"finally: SyntaxError: invalid syntax"</tt> when trying to run sqlmap?
204+
205+ <p>
206+ You are most probably using outdated version of Python. sqlmap is generally
207+ supported by Python versions in range 2.5, 2.6 and 2.7, while you are strongly
208+ advised to use versions 2.6 and 2.7.
209+
210+ <p>
211+ Question(s):
212+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1231" name="#1">
213+
214+ <sect1>sqlmap is not able to detect/exploit injection while Havij/Pangolin is?
215+
216+ <p>
217+ Currently there are only two of us working on a pure good will and donating our
218+ free time to the community. If you are not willing to help us achive better tool
219+ you are strongly advised to buy most probably better commercial tool(s) and just
220+ forget about the sqlmap. Our promise is that we won't miss you as you are most
221+ probably "script kiddie".
222+
223+ <p>
224+ Question(s):
225+ <htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/970" name="#1">
108226
109227</article>
0 commit comments