Updated user's manual, added details about URI injection

bdamele · bdamele · commit 2976ed7e9062 · 2011-05-03T14:47:01.000Z
diff --git a/doc/README.html b/doc/README.html
@@ -9,7 +9,7 @@ <H1>sqlmap user's manual</H1>
 
 <H2>by 
 <A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>, 
-<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 0.9, April 10, 2011
+<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 1.0-dev, XXX XX, 2011
 <HR>
 <EM>This document is the user's manual to use 
 <A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM>
@@ -858,7 +858,7 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
 <PRE>
 $ python sqlmap.py -h
 
-    sqlmap/0.9 - automatic SQL injection and database takeover tool
+    sqlmap/1.0 - automatic SQL injection and database takeover tool
     http://sqlmap.sourceforge.net
 
 Usage: python sqlmap.py [options]
@@ -961,6 +961,8 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
     --dbs               Enumerate DBMS databases
     --tables            Enumerate DBMS database tables
     --columns           Enumerate DBMS database table columns
+    --schema            Enumerate DBMS schema
+    --count             Retrieve number of entries for table(s)
     --dump              Dump DBMS database table entries
     --dump-all          Dump all DBMS databases tables entries
     --search            Search column(s), table(s) and/or database name(s)
@@ -1039,6 +1041,7 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
     --cleanup           Clean up the DBMS by sqlmap specific UDF and tables
     --forms             Parse and test forms on target url
     --gpage=GOOGLEPAGE  Use Google dork results from specified page number
+    --mobile            Imitate smartphone through HTTP User-Agent header
     --page-rank         Display page rank (PR) for Google dork results
     --parse-errors      Parse DBMS error messages from response pages
     --replicate         Replicate dumped data into a sqlite3 database
@@ -1537,6 +1540,28 @@ <H3>Testable parameter(s)</H3>
 <CODE>User-Agent</CODE> only, provide <CODE>-p id,user-agent</CODE>.</P>
 
 
+<H3>URI injection point</H3>
+
+<P>There are special cases when injection point is within the URI itself.
+sqlmap does not perform any automatic test against URI paths, unless
+manually pointed to.
+You have to specify these injection points in the command line by
+appending an asterisk (<CODE>*</CODE>) after each URI point that you want
+sqlmap to test for and exploit a SQL injection.</P>
+
+<P>This is particularly useful when, for instance, Apache web server's
+<A HREF="http://httpd.apache.org/docs/current/mod/mod_rewrite.html">mod_rewrite</A> module is in use or other similar technologies.</P>
+
+<P>An example of valid command line would be:</P>
+<P>
+<BLOCKQUOTE><CODE>
+<PRE>
+$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+
+
 <H3>Force the database management system name</H3>
 
 <P>Switch: <CODE>-</CODE><CODE>-dbms</CODE></P>
@@ -2147,6 +2172,20 @@ <H3>Enumerate database table columns</H3>
 <CODE>public</CODE>.</P>
 
 
+<H3>Enumerate database management system schema</H3>
+
+<P>Switches: <CODE>-</CODE><CODE>-schema</CODE></P>
+
+<P>TODO</P>
+
+
+<H3>Retrieve number of entries for table(s)</H3>
+
+<P>Switches: <CODE>-</CODE><CODE>-count</CODE></P>
+
+<P>TODO</P>
+
+
 <H3>Dump database table entries</H3>
 
 <P>Switches: <CODE>-</CODE><CODE>-dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>,
@@ -3081,6 +3120,13 @@ <H3>Use Google dork results from specified page number</H3>
 to retrieve target URLs from.</P>
 
 
+<H3>Imitate smartphone</H3>
+
+<P>Switch: <CODE>-</CODE><CODE>-mobile</CODE></P>
+
+<P>TODO</P>
+
+
 <H3>Display page rank (PR) for Google dork results</H3>
 
 <P>Switch: <CODE>-</CODE><CODE>-page-rank</CODE></P>
diff --git a/doc/README.pdf b/doc/README.pdf
diff --git a/doc/README.sgml b/doc/README.sgml
@@ -4,7 +4,7 @@
 
 <title>sqlmap user's manual
 <author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
-<date>version 0.9, April 10, 2011
+<date>version 1.0-dev, XXX XX, 2011
 <abstract>
 This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
 </abstract>
@@ -772,7 +772,7 @@ This is strongly recommended <bf>before</bf> reporting any bug to the
 <tscreen><verb>
 $ python sqlmap.py -h
 
-    sqlmap/0.9 - automatic SQL injection and database takeover tool
+    sqlmap/1.0 - automatic SQL injection and database takeover tool
     http://sqlmap.sourceforge.net
 
 Usage: python sqlmap.py [options]
@@ -875,6 +875,8 @@ Options:
     --dbs               Enumerate DBMS databases
     --tables            Enumerate DBMS database tables
     --columns           Enumerate DBMS database table columns
+    --schema            Enumerate DBMS schema
+    --count             Retrieve number of entries for table(s)
     --dump              Dump DBMS database table entries
     --dump-all          Dump all DBMS databases tables entries
     --search            Search column(s), table(s) and/or database name(s)
@@ -953,6 +955,7 @@ Options:
     --cleanup           Clean up the DBMS by sqlmap specific UDF and tables
     --forms             Parse and test forms on target url
     --gpage=GOOGLEPAGE  Use Google dork results from specified page number
+    --mobile            Imitate smartphone through HTTP User-Agent header
     --page-rank         Display page rank (PR) for Google dork results
     --parse-errors      Parse DBMS error messages from response pages
     --replicate         Replicate dumped data into a sqlite3 database
@@ -1512,6 +1515,29 @@ For instance, to test for GET parameter <tt>id</tt> and for HTTP
 <tt>User-Agent</tt> only, provide <tt>-p id,user-agent</tt>.
 
 
+<sect2>URI injection point
+
+<p>
+There are special cases when injection point is within the URI itself.
+sqlmap does not perform any automatic test against URI paths, unless
+manually pointed to.
+You have to specify these injection points in the command line by
+appending an asterisk (<tt>*</tt>) after each URI point that you want
+sqlmap to test for and exploit a SQL injection.
+
+<p>
+This is particularly useful when, for instance, Apache web server's
+<htmlurl url="http://httpd.apache.org/docs/current/mod/mod_rewrite.html"
+name="mod_rewrite"> module is in use or other similar technologies.
+
+<p>
+An example of valid command line would be:
+
+<tscreen><verb>
+$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
+</verb></tscreen>
+
+
 <sect2>Force the database management system name
 
 <p>
@@ -2189,6 +2215,24 @@ application's user is connected to, which is always aliased by
 <tt>public</tt>.
 
 
+<sect2>Enumerate database management system schema
+
+<p>
+Switches: <tt>-</tt><tt>-schema</tt>
+
+<p>
+TODO
+
+
+<sect2>Retrieve number of entries for table(s)
+
+<p>
+Switches: <tt>-</tt><tt>-count</tt>
+
+<p>
+TODO
+
+
 <sect2>Dump database table entries
 
 <p>
@@ -3201,6 +3245,15 @@ this switch, <tt>-</tt><tt>-gpage</tt>, some page other than the first one
 to retrieve target URLs from.
 
 
+<sect2>Imitate smartphone
+
+<p>
+Switch: <tt>-</tt><tt>-mobile</tt>
+
+<p>
+TODO
+
+
 <sect2>Display page rank (PR) for Google dork results
 
 <p>
