mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-03 06:51:08 +00:00
Updated Usage (markdown)
parent
802c2e72f8
commit
e1ea816c0f
1 changed files with 14 additions and 0 deletions
14
Usage.md
@ -1102,6 +1102,20 @@ For instance, you can provide `ES` if you want to test for and exploit error-bas
|
|||
|
||||
Note that the string must include stacked queries technique letter, `S`, when you want to access the file system, takeover the operating system or access Windows registry hives.
|
||||
|
||||
### Non-SQL injection techniques
|
||||
|
||||
Options: `--nosql`, `--graphql`, `--ldap`, `--xpath` and `--ssti`
|
||||
|
||||
Besides classic SQL injection, sqlmap can also detect and exploit several other server-side injection types, each enabled by its own switch:
|
||||
|
||||
* `--nosql`: NoSQL injection
|
||||
* `--graphql`: GraphQL injection
|
||||
* `--ldap`: LDAP injection
|
||||
* `--xpath`: XPath injection
|
||||
* `--ssti`: server-side template injection
|
||||
|
||||
Each of these techniques is self-contained: it confirms the injection and extracts what that particular vector can reach, so the SQL enumeration options (e.g. `--banner`, `--dbs`, `--tables` and `--dump`) do not apply and are ignored. For server-side template injection, `--ssti-query` evaluates a single expression and `--ssti-shell` opens an interactive expression shell, while `--os-cmd` and `--os-shell` run operating system commands through the template engine where it allows it. As with SQL injection, these techniques honor `--level` (for instance, `Cookie` parameters are only tested from `--level 2`).
|
||||
|
||||
### Seconds to delay the DBMS response for time-based blind SQL injection
|
||||
|
||||
Option: `--time-sec`
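Review bot: The last added paragraph of "Non-SQL injection techniques" introduces `--ssti-query` and `--ssti-shell`, but the section's `Options:` line lists only `--nosql`, `--graphql`, `--ldap`, `--xpath` and `--ssti`, so a reader scanning the option lines will miss them; add both there (or give them their own subsection) and say how the expression is passed to `--ssti-query`. The same paragraph states that the SQL enumeration options "do not apply and are ignored" without saying whether sqlmap warns when one of them is combined with these switches; documenting that would help a user who adds `--dbs` to `--ssti` and sees no database output. Because the section sits directly after the `--technique` note, one sentence on whether the `--technique` string has any effect when a non-SQL switch is given would also remove ambiguity. Finally, "where it allows it" for `--os-cmd` and `--os-shell` is vague: state what the user sees when the template engine does not permit command execution.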