From e1ea816c0f66757d62e596d5cd5a66640bc90718 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 30 Jun 2026 15:05:57 +0200 Subject: [PATCH] Updated Usage (markdown) --- Usage.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Usage.md b/Usage.md index e6daae0..e05e0d9 100644 --- a/Usage.md +++ b/Usage.md @@ -1102,6 +1102,20 @@ For instance, you can provide `ES` if you want to test for and exploit error-bas Note that the string must include stacked queries technique letter, `S`, when you want to access the file system, takeover the operating system or access Windows registry hives. +### Non-SQL injection techniques + +Options: `--nosql`, `--graphql`, `--ldap`, `--xpath` and `--ssti` + +Besides classic SQL injection, sqlmap can also detect and exploit several other server-side injection types, each enabled by its own switch: + +* `--nosql`: NoSQL injection +* `--graphql`: GraphQL injection +* `--ldap`: LDAP injection +* `--xpath`: XPath injection +* `--ssti`: server-side template injection + +Each of these techniques is self-contained: it confirms the injection and extracts what that particular vector can reach, so the SQL enumeration options (e.g. `--banner`, `--dbs`, `--tables` and `--dump`) do not apply and are ignored. For server-side template injection, `--ssti-query` evaluates a single expression and `--ssti-shell` opens an interactive expression shell, while `--os-cmd` and `--os-shell` run operating system commands through the template engine where it allows it. As with SQL injection, these techniques honor `--level` (for instance, `Cookie` parameters are only tested from `--level 2`). + ### Seconds to delay the DBMS response for time-based blind SQL injection Option: `--time-sec`
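Review bot: The `Options:` line of the new "Non-SQL injection techniques" section lists only the five detection switches, but the closing paragraph also introduces `--ssti-query` and `--ssti-shell`, which appear nowhere else in this hunk; add them to the `Options:` line or give them a short entry of their own so they are discoverable. The same paragraph says `--os-cmd` and `--os-shell` run through the template engine, while the unchanged context line directly above the new heading still says the `--technique` string must include `S` for operating system takeover; one sentence stating whether `--technique` is consulted at all when one of these switches is set would remove the apparent contradiction. It would also help to say whether the ignored enumeration options (`--banner`, `--dbs`, `--tables`, `--dump`) produce a warning rather than being dropped silently, and whether the five switches can be combined in a single run.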