2008-10-15 19:38:22 +04:00
|
|
|
== Individuals ==
|
|
|
|
|
|
|
|
Chip Andrews <chip@sqlsecurity.com>
|
|
|
|
for his excellent work maintaining the SQL Server versions database
|
|
|
|
at SQLSecurity.com and permission to implement the update feature
|
|
|
|
taking data from his site
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Daniele Bellucci <daniele.bellucci@gmail.com>
|
|
|
|
for starting sqlmap project and developing it between July and August
|
|
|
|
2006
|
|
|
|
|
2008-12-05 18:34:13 +03:00
|
|
|
Jack Butler <fattredd@hotmail.com>
|
|
|
|
for providing me with the sqlmap site favicon
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Cesar Cerrudo <cesar@argeniss.com>
|
|
|
|
for his Windows access token kidnapping tool Churrasco included in
|
|
|
|
sqlmap tree as a contrib library and used to run the stand-alone
|
|
|
|
payload stager on the target Windows machine as SYSTEM user if the
|
|
|
|
user wants to perform a privilege escalation attack,
|
|
|
|
http://www.argeniss.com/research/Churrasco.zip
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Karl Chen <quarl@cs.berkeley.edu>
|
|
|
|
for providing with the multithreading patch for the inference
|
|
|
|
algorithm
|
|
|
|
|
2008-11-09 19:57:47 +03:00
|
|
|
Pierre Chifflier <pollux@debian.org>
|
|
|
|
for uploading the sqlmap 0.6.2 Debian package to the official Debian
|
|
|
|
project repository
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Stefano Di Paola <stefano.dipaola@wisec.it>
|
|
|
|
for suggesting good features
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Dan Guido <dguido@gmail.com>
|
|
|
|
for promoting sqlmap in the context of the Penetration Testing and
|
|
|
|
Vulnerability Analysis class at the Polytechnic University of New York,
|
|
|
|
http://isisblogs.poly.edu/courses/pentest/
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Adam Faheem <faheem.adam@is.co.za>
|
|
|
|
for reporting a few bugs
|
|
|
|
|
2008-11-04 22:56:07 +03:00
|
|
|
Jim Forster <jimforster@goldenwest.com>
|
2008-11-04 22:54:44 +03:00
|
|
|
for reporting a bug
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Rong-En Fan <rafan@freebsd.org>
|
|
|
|
for commiting the sqlmap 0.5 port to the official FreeBSD project
|
|
|
|
repository
|
|
|
|
|
|
|
|
Giorgio Fedon <giorgio.fedon@gmail.com>
|
|
|
|
for suggesting a speed improvement for bisection algorithm
|
|
|
|
for reporting a bug when running against Microsoft SQL Server 2005
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Alan Franzoni <alan.franzoni@gmail.com>
|
|
|
|
for helping me out with Python subprocess library
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Ivan Giacomelli <truemilk@insiberia.net>
|
|
|
|
for reporting a bug
|
|
|
|
for suggesting a minor enhancement
|
2008-12-17 23:58:19 +03:00
|
|
|
for reviewing the documentation
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
Davide Guerri <d.guerri@caspur.it>
|
|
|
|
for suggesting an enhancement
|
|
|
|
|
|
|
|
Kristian Erik Hermansen <kristian.hermansen@gmail.com>
|
|
|
|
for reporting a bug
|
|
|
|
for donating to sqlmap development
|
|
|
|
|
|
|
|
Jorge Hoya <aquinadie@gmail.com>
|
|
|
|
for suggesting a minor enhancement
|
|
|
|
|
|
|
|
Will Holcomb <wholcomb@gmail.com>
|
|
|
|
for his MultipartPostHandler class to handle multipart POST forms and
|
|
|
|
permission to include it within sqlmap source code
|
|
|
|
|
2008-10-26 22:12:17 +03:00
|
|
|
Luke Jahnke <luke.jahnke@gmail.com>
|
|
|
|
for reporting a bug when running against MySQL < 5.0
|
|
|
|
|
2008-11-28 01:33:33 +03:00
|
|
|
Anant Kochhar <anant.kochhar@secureyes.net>
|
|
|
|
for providing me with feedback on the user's manual
|
|
|
|
|
2009-02-09 13:28:03 +03:00
|
|
|
Alexander Kornbrust <ak@red-database-security.com>
|
2009-04-22 15:48:07 +04:00
|
|
|
for reporting a couple of bugs
|
|
|
|
|
|
|
|
Guido Landi <lists@keamera.org>
|
|
|
|
for the great technical discussions
|
|
|
|
for Microsoft SQL Server 2000 and Microsoft SQL Server 2005
|
|
|
|
'sp_replwritetovarbin' stored procedure heap-based buffer overflow
|
|
|
|
(MS09-004) exploit development, http://www.milw0rm.com/author/1413
|
2009-02-09 13:28:03 +03:00
|
|
|
|
2008-11-19 18:33:39 +03:00
|
|
|
Nico Leidecker <nico@leidecker.info>
|
2008-11-28 01:33:33 +03:00
|
|
|
for providing me with feedback on a few features
|
2008-11-19 18:33:39 +03:00
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Gabriel Lima <pato@bugnet.com.br>
|
2009-04-23 12:42:57 +04:00
|
|
|
for reporting a couple of bugs
|
2009-04-22 15:48:07 +04:00
|
|
|
|
2008-10-28 03:08:00 +03:00
|
|
|
Pavol Luptak <pavol.luptak@nethemba.com>
|
|
|
|
for reporting a bug when injecting on a POST data parameter
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Michael Majchrowicz <mmajchrowicz@gmail.com>
|
|
|
|
for extensively beta-testing sqlmap on various MySQL DBMS
|
|
|
|
for providing really appreciated feedback
|
|
|
|
for suggesting a lot of ideas and features
|
|
|
|
|
2008-11-28 01:33:33 +03:00
|
|
|
Ferruh Mavituna <ferruh@mavituna.com>
|
2009-04-22 15:48:07 +04:00
|
|
|
for providing me with ideas on the implementation of a couple of
|
2008-11-28 01:33:33 +03:00
|
|
|
new features
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Enrico Milanese <enricomilanese@gmail.com>
|
|
|
|
for reporting a bugs when using (-a) a single line User-Agent file
|
|
|
|
for providing me with some ideas for the PHP backdoor
|
|
|
|
|
|
|
|
Roberto Nemirovsky <roberto.paes@gmail.com>
|
|
|
|
for pointing me out some enhancements
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Markus Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>
|
|
|
|
Laszlo Molnar <ml1050@cdata.tvnet.hu>
|
|
|
|
John F. Reiser <sales@bitwagon.com>
|
|
|
|
for their great tool UPX (Ultimate Packer for eXecutables) included
|
|
|
|
in sqlmap tree as a contrib library and used mainly to pack the
|
|
|
|
Metasploit Framework 3 payload stager portable executable,
|
|
|
|
http://upx.sourceforge.net
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Antonio Parata <s4tan@ictsc.it>
|
|
|
|
for providing me with some ideas for the PHP backdoor
|
|
|
|
|
|
|
|
Chris Patten <cpatten@sunera.com>
|
|
|
|
for reporting a bug in the blind SQL injection bisection algorithm
|
|
|
|
|
|
|
|
Adam Pridgen <adam.pridgen@gmail.com>
|
|
|
|
for suggesting some features
|
|
|
|
|
|
|
|
Alberto Revelli <r00t@northernfortress.net>
|
|
|
|
for inspiring me to write sqlmap user's manual in SGML
|
|
|
|
for his great Microsoft SQL Server take over tool, sqlninja,
|
|
|
|
http://sqlninja.sourceforge.net
|
|
|
|
|
|
|
|
Andres Riancho <andres.riancho@gmail.com>
|
|
|
|
for beta-testing sqlmap
|
|
|
|
for reporting a bug and suggesting some features
|
|
|
|
for including sqlmap in his great web application audit and attack
|
|
|
|
framework, w3af, http://w3af.sourceforge.net
|
|
|
|
|
|
|
|
Antonio Riva <antonio.riva@gmail.com>
|
|
|
|
for reporting a bug when running with python 2.5
|
|
|
|
|
|
|
|
Richard Safran <allapplyhere@yahoo.com>
|
|
|
|
for donating the sqlmap.org domain control
|
|
|
|
|
|
|
|
Tomoyuki Sakurai <cherry@trombik.org>
|
|
|
|
for submitting to the FreeBSD project the sqlmap 0.5 port
|
|
|
|
|
2008-12-09 00:24:24 +03:00
|
|
|
Philippe A. R. Schaeffer <schaeff@compuphil.de>
|
|
|
|
for reporting a minor bug
|
|
|
|
|
2008-11-09 19:57:47 +03:00
|
|
|
Sven Schluter <sschlueter@netzwerk.cc>
|
|
|
|
for providing with a patch for waiting a number of seconds between
|
|
|
|
each HTTP request
|
|
|
|
|
2009-01-23 02:53:01 +03:00
|
|
|
Uemit Seren <uemit.seren@gmail.com>
|
|
|
|
for reporting a minor adjustment when running with python 2.6
|
|
|
|
|
2008-12-21 19:35:45 +03:00
|
|
|
Sumit Siddharth <sid@notsosecure.com>
|
2009-04-22 15:48:07 +04:00
|
|
|
for providing me with ideas on the implementation of a couple of
|
2008-12-21 19:35:45 +03:00
|
|
|
features
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
M Simkin <mlsimkin@cox.net>
|
|
|
|
for suggesting a feature
|
|
|
|
|
2009-01-28 17:53:11 +03:00
|
|
|
Konrads Smelkovs <konrads@smelkovs.com>
|
2009-02-03 02:44:19 +03:00
|
|
|
for reporting a few bugs in --sql-shell and --sql-query on Microsoft
|
|
|
|
SQL Server
|
2009-01-28 17:53:11 +03:00
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Marek Stiefenhofer <m.stiefenhofer@r-tec.net>
|
|
|
|
for reporting a bug
|
|
|
|
|
2008-11-25 14:33:44 +03:00
|
|
|
Jason Swan <jasoneswan@gmail.com>
|
|
|
|
for reporting a bug when enumerating columns on Microsoft SQL Server
|
2008-12-04 20:40:03 +03:00
|
|
|
for suggesting a couple of improvements
|
2008-11-25 14:33:44 +03:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Alessandro Tanasi <alessandro@tanasi.it>
|
|
|
|
for extensively beta-testing sqlmap
|
2008-10-20 17:43:18 +04:00
|
|
|
for suggesting many features and reporting some bugs
|
2008-12-18 23:38:57 +03:00
|
|
|
for reviewing the documentation
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Andres Tarasco <atarasco@gmail.com>
|
|
|
|
for providing me with good feedback
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Efrain Torres <et@metasploit.com>
|
|
|
|
for helping me out to improve the Metasploit Framework 3 sqlmap
|
2008-10-26 22:12:17 +03:00
|
|
|
auxiliary module and for commiting it on the Metasploit official
|
2009-04-22 15:48:07 +04:00
|
|
|
subversion repository
|
2008-10-20 17:43:18 +04:00
|
|
|
for his great Metasploit WMAP Framework
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
Sandro Tosi <matrixhasu@gmail.com>
|
|
|
|
for helping to create sqlmap Debian package correctly
|
|
|
|
|
|
|
|
Bedirhan Urgun <bedirhanurgun@gmail.com>
|
2008-10-16 19:41:26 +04:00
|
|
|
for reporting a few bugs
|
2008-10-15 19:38:22 +04:00
|
|
|
for suggesting some features and improvements
|
|
|
|
for benchmarking sqlmap in the context of his SQL injection
|
|
|
|
benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
|
|
|
|
|
2008-11-09 19:57:47 +03:00
|
|
|
Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com>
|
|
|
|
for reporting an unhandled connection exception
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Anthony Zboralski <anthony.zboralski@bellua.com>
|
|
|
|
for providing me with detailed feedback
|
|
|
|
for reporting a few minor bugs
|
|
|
|
for donating to sqlmap development
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
fufuh <fufuh@users.sourceforge.net>
|
|
|
|
for reporting a bug when running on Windows
|
|
|
|
|
2008-11-03 01:25:48 +03:00
|
|
|
mariano <marianoso@gmail.com>
|
|
|
|
for reporting a bug
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
Sylphid <sylphid.su@sti.com.tw>
|
|
|
|
for suggesting some features
|
|
|
|
|
|
|
|
|
|
|
|
== Organizations ==
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
Black Hat team <info@blackhat.com>
|
|
|
|
for the opportunity to present my research on 'Advanced SQL injection
|
|
|
|
to operating system full control' at Black Hat Europe 2009 Briefings on
|
|
|
|
April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of
|
|
|
|
the sqlmap 0.7 release candidate version new features during my
|
|
|
|
presentation
|
|
|
|
|
|
|
|
Metasploit LLC <msfdev@metasploit.com>
|
|
|
|
for their powerful tool Metasploit Framework 3, used by sqlmap, among
|
|
|
|
others things, to create the payload stager and establish an
|
|
|
|
out-of-band connection between sqlmap and the database server,
|
|
|
|
http://www.metasploit.com/framework
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
OWASP Board <http://www.owasp.org>
|
|
|
|
for sponsoring part of the sqlmap development in the context of OWASP
|
|
|
|
Spring of Code 2007
|