Skip to content

Commit b12d955

Browse files
bdamelebdamele
committed
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
1 parent 770e000 commit b12d955

File tree

5 files changed

+37
-14
lines changed

5 files changed

+37
-14
lines changed

doc/ChangeLog

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ sqlmap (0.6.4-1) stable; urgency=low
2727
provided;
2828
* Updated documentation.
2929

30-
-- Bernardo Damele A. G. <[email protected]> Day, DD MMM 2009 10:00:00 +0000
30+
-- Bernardo Damele A. G. <[email protected]> Tue, 3 Feb 2009 23:30:00 +0000
3131

3232
sqlmap (0.6.3-1) stable; urgency=low
3333

doc/README.html

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
<H1>sqlmap user's manual</H1>
99

1010
<H2>by
11-
<A HREF="mailto:[email protected]">Bernardo Damele A. G.</A></H2>version 0.6.4, DDth of MMM 2009
11+
<A HREF="mailto:[email protected]">Bernardo Damele A. G.</A></H2>version 0.6.4, 3rd of February 2009
1212
<HR>
1313
<EM>This document is the user's manual to use
1414
<A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.
@@ -407,7 +407,7 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
407407

408408
sqlmap/0.6.4 coded by Bernardo Damele A. G. &lt;[email protected]>
409409
and Daniele Bellucci &lt;[email protected]>
410-
410+
411411
Usage: sqlmap.py [options]
412412

413413
Options:
@@ -3801,28 +3801,39 @@ <H3>Run your own SQL statement</H3>
38013801
sql> SELECT COUNT(name) FROM users
38023802
[10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
38033803
[10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
3804-
[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
3804+
[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
3805+
FROM users
38053806
[10:11:59] [INFO] retrieved: 4
38063807
[10:11:59] [INFO] performed 13 queries in 0 seconds
38073808
SELECT COUNT(name) FROM users: '4'
38083809

38093810
sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');
38103811
[10:12:35] [INFO] testing stacked queries support on parameter 'id'
38113812
[10:12:40] [INFO] the web application supports stacked queries on parameter 'id'
3812-
[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');'
3813+
[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname)
3814+
VALUES (5, 'from', 'sql shell');'
38133815
[10:12:40] [INFO] done
38143816
sql> SELECT COUNT(name) FROM users
38153817
[10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
38163818
[10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
3817-
[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
3819+
[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
3820+
FROM users
38183821
[10:12:53] [INFO] retrieved: 5
38193822
[10:12:54] [INFO] performed 20 queries in 0 seconds
38203823
SELECT COUNT(name) FROM users: '5'
38213824
</PRE>
38223825
</CODE></BLOCKQUOTE>
38233826
</P>
38243827

3825-
<P>TODO</P>
3828+
<P>As you can see from this last example, when the user provides a SQL
3829+
statement other than <CODE>SELECT</CODE>, sqlmap recognizes it, tests if the
3830+
web application supports stacked queries and in case it does, it executes
3831+
the provided SQL statement in a multiple statement.</P>
3832+
3833+
<P>Beware that some web application technologies do not support stacked
3834+
queries on specific database management systems. For instance, PHP does not
3835+
support stacked queries when the back-end DBMS is MySQL, but it does
3836+
support when the back-end DBMS is PostgreSQL.</P>
38263837

38273838

38283839
<H2><A NAME="ss5.8">5.8</A> <A HREF="#toc5.8">File system access</A>

doc/README.pdf

713 Bytes
Binary file not shown.

doc/README.sgml

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44

55
<title>sqlmap user's manual
66
<author>by <htmlurl url="mailto:[email protected]" name="Bernardo Damele A. G.">
7-
<date>version 0.6.4, DDth of MMM 2009
7+
<date>version 0.6.4, 3rd of February 2009
88
<abstract>
99
This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
1010
Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage">
@@ -362,7 +362,7 @@ $ python sqlmap.py -h
362362

363363
sqlmap/0.6.4 coded by Bernardo Damele A. G. <[email protected]>
364364
and Daniele Bellucci <[email protected]>
365-
365+
366366
Usage: sqlmap.py [options]
367367

368368
Options:
@@ -3698,27 +3698,39 @@ back-end DBMS: PostgreSQL
36983698
sql> SELECT COUNT(name) FROM users
36993699
[10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
37003700
[10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
3701-
[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
3701+
[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
3702+
FROM users
37023703
[10:11:59] [INFO] retrieved: 4
37033704
[10:11:59] [INFO] performed 13 queries in 0 seconds
37043705
SELECT COUNT(name) FROM users: '4'
37053706

37063707
sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');
37073708
[10:12:35] [INFO] testing stacked queries support on parameter 'id'
37083709
[10:12:40] [INFO] the web application supports stacked queries on parameter 'id'
3709-
[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');'
3710+
[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname)
3711+
VALUES (5, 'from', 'sql shell');'
37103712
[10:12:40] [INFO] done
37113713
sql> SELECT COUNT(name) FROM users
37123714
[10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
37133715
[10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
3714-
[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
3716+
[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32))
3717+
FROM users
37153718
[10:12:53] [INFO] retrieved: 5
37163719
[10:12:54] [INFO] performed 20 queries in 0 seconds
37173720
SELECT COUNT(name) FROM users: '5'
37183721
</verb></tscreen>
37193722

37203723
<p>
3721-
TODO
3724+
As you can see from this last example, when the user provides a SQL
3725+
statement other than <tt>SELECT</tt>, sqlmap recognizes it, tests if the
3726+
web application supports stacked queries and in case it does, it executes
3727+
the provided SQL statement in a multiple statement.
3728+
3729+
<p>
3730+
Beware that some web application technologies do not support stacked
3731+
queries on specific database management systems. For instance, PHP does not
3732+
support stacked queries when the back-end DBMS is MySQL, but it does
3733+
support when the back-end DBMS is PostgreSQL.
37223734

37233735

37243736
<sect1>File system access

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@
3030

3131

3232
# sqlmap version and site
33-
VERSION = "0.6.4-rc6"
33+
VERSION = "0.6.4"
3434
VERSION_STRING = "sqlmap/%s" % VERSION
3535
SITE = "http://sqlmap.sourceforge.net"
3636

0 commit comments

Comments
 (0)