diff --git a/Features.md b/Features.md index 811c5d8..913d7eb 100644 --- a/Features.md +++ b/Features.md @@ -5,7 +5,8 @@ Features implemented in sqlmap include: ## Generic features * Full support for **MySQL**, **Oracle**, **PostgreSQL**, **Microsoft SQL Server**, **Microsoft Access**, **IBM DB2**, **SQLite**, **Firebird**, **Sybase**, **SAP MaxDB**, **Informix**, **MariaDB**, **Percona**, **MemSQL**, **TiDB**, **CockroachDB**, **HSQLDB**, **H2**, **MonetDB**, **Apache Derby**, **Amazon Redshift**, **Vertica**, **Mckoi**, **Presto**, **Altibase**, **MimerSQL**, **CrateDB**, **Greenplum**, **Drizzle**, **Apache Ignite**, **Cubrid**, **InterSystems Cache**, **IRIS**, **eXtremeDB**, **FrontBase**, **Raima Database Manager**, **YugabyteDB**, **Aurora**, **OpenGauss**, **ClickHouse**, **Virtuoso**, **DM8**, **Snowflake**, **Spanner** and **Trino** database management systems. -* Full support for five SQL injection techniques: **boolean-based blind**, **time-based blind**, **error-based**, **UNION query** and **stacked queries**. +* Full support for six SQL injection techniques: **boolean-based blind**, **time-based blind**, **error-based**, **UNION query**, **stacked queries** and **inline queries**. +* Support for five non-SQL server-side injection techniques: **NoSQL injection**, **GraphQL injection**, **LDAP injection**, **XPath injection** and **server-side template injection**. * Support to **directly connect to the database** without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name. * It is possible to provide a single target URL, get the list of targets from [Burp proxy](http://portswigger.net/suite/) or [WebScarab proxy](http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) requests log files, get the whole HTTP request from a text file or get the list of targets by providing sqlmap with a Google dork which queries [Google](http://www.google.com) search engine and parses its results page. You can also define a regular-expression based scope that is used to identify which of the parsed addresses to test. * Tests provided **GET** parameters, **POST** parameters, HTTP **Cookie** header values, HTTP **User-Agent** header value and HTTP **Referer** header value to identify and exploit SQL injection vulnerabilities. It is also possible to specify a comma-separated list of specific parameter(s) to test.