sqlmap/doc/ChangeLog

2008-10-15 19:38:22 +04:00
sqlmap (0.6.1-1) stable; urgency=low
* Major bug fix to blind SQL injection bisection algorithm to handle an
exception;
* Wrote a Metasploit 3 auxiliary module to run sqlmap;
* Implemented possibility to test for and inject also on LIKE
statements;
* Implemented --start and --stop options to set the first and the last
table entry to dump;
* Added non-interactive/batch-mode (--batch) option to make it easy to
wrap sqlmap in Metasploit and any other tool;
* Minor enhancement to save also the length of query output in the
session file when retrieving the query output length for ETA or for
resume purposes. TODO: fix for ETA
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Fri, 10 Oct 2008 10:00:00 +0100
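Worked example (added here; it is not sqlmap's code and does not reproduce its implementation): the bisection algorithm the 0.6.1 and 0.2 entries refer to, for boolean-based blind SQL injection. A real run would send one HTTP request per oracle call, carrying a payload such as AND ORD(MID((query),position,1)) > threshold, and compare the response with the known TRUE page; here a constructed in-memory oracle with a constructed secret stands in for the target so the code runs offline. The names BlindOracle, bisect_char, bisect_length and retrieve are this example's own. It also shows the "length first" step the 0.6.1 entry mentions, because knowing the output length fixes the total request count (7 per ASCII character) and so gives an ETA, and it handles the end-of-output case (ORD of an empty substring is 0) as a terminator rather than an exception.

```python
"""Boolean-based blind SQL injection: recovering a query result by bisection.

Added example, not sqlmap's code. The oracle below is a constructed stand-in
for the injectable target: each method call models one HTTP request and
answers what the TRUE/FALSE page comparison would reveal.
"""
from typing import Optional


class BlindOracle:
    """Models a target for payloads of the form
        AND ORD(MID((query), position, 1)) > threshold    (greater_than)
        AND LENGTH((query)) > threshold                   (length_greater_than)
    """

    def __init__(self, secret: str):
        self._secret = secret   # the query output a real target keeps hidden
        self.requests = 0       # simulated HTTP requests, for ETA reasoning

    def greater_than(self, position: int, threshold: int) -> bool:
        self.requests += 1
        if position > len(self._secret):
            # MID() past the end yields '' and ORD('') is 0 (MySQL semantics),
            # so every "> threshold" probe at that position answers FALSE.
            return False
        return ord(self._secret[position - 1]) > threshold

    def length_greater_than(self, threshold: int) -> bool:
        self.requests += 1
        return len(self._secret) > threshold


def _bisect(probe, lo: int, hi: int) -> int:
    """Find the integer c in [lo, hi] such that probe(t) is True exactly when
    c > t. Each probe halves the candidate range, so the cost is
    ceil(log2(hi - lo + 1)) requests: 7 for 0..127, 10 for 0..1023."""
    while lo < hi:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid + 1    # c > mid
        else:
            hi = mid        # c <= mid
    return lo


def bisect_char(oracle: BlindOracle, position: int, hi: int = 127) -> Optional[int]:
    """Code point of the character at the 1-based position, or None when the
    position is past the end of the output (ORD resolves to 0). Returning None
    instead of raising is the terminator handling. The 0..hi range assumes
    7-bit ASCII output; widen hi for other charsets, or values saturate at hi."""
    code = _bisect(lambda t: oracle.greater_than(position, t), 0, hi)
    return None if code == 0 else code


def bisect_length(oracle: BlindOracle, hi: int = 1023) -> int:
    """Length of the query output, fetched first so the remaining request
    count (length * 7 for ASCII) is known up front and can drive an ETA."""
    return _bisect(oracle.length_greater_than, 0, hi)


def retrieve(oracle: BlindOracle, length: Optional[int] = None, max_len: int = 64) -> str:
    """Recover the output one character at a time. With a known length no
    terminator probe is spent; otherwise stop at the first None."""
    chars = []
    last = length if length is not None else max_len
    for position in range(1, last + 1):
        code = bisect_char(oracle, position)
        if code is None:
            break
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    target = BlindOracle("sqlmap_0.6.1")      # constructed secret
    n = bisect_length(target)                 # 10 requests
    value = retrieve(target, length=n)        # 12 * 7 = 84 more requests
    print(f"length {n}, value {value!r}, {target.requests} requests in total")
```

Without the length step, retrieve() spends one extra bisection (7 requests) on the terminating position; with it, the request budget is fixed before the first character is fetched, which is what makes an ETA possible.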
sqlmap (0.6-1) stable; urgency=low
* Complete code refactor and many bugs fixed;
* Added multithreading support to set the maximum number of concurrent
HTTP requests;
* Implemented SQL shell (--sql-shell) functionality and fixed SQL query
(--sql-query, before called -e) to be able to run whatever SELECT
statement and get its output in both inband and blind SQL injection
attack;
* Added an option (--privileges) to retrieve DBMS users' privileges; it
also notifies if the user is a DBMS administrator;
* Added support (-c) to read options from configuration file, an example
of valid INI file is sqlmap.conf and support (--save) to save command
line options on a configuration file;
* Created a function that updates the whole sqlmap to the latest stable
version available by running sqlmap with --update option;
* Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.)
installation binary packages;
* Created sqlmap .exe (Windows) portable executable;
* Save a lot more information to the session file, useful when
resuming injection on the same target to not lose time on identifying
injection, UNION fields and back-end DBMS twice or more times;
* Improved automatic check for parenthesis when testing and forging SQL
query vector;
* Now it checks for SQL injection on all GET/POST/Cookie parameters then
it lets the user select which parameter to perform the injection on in
case that more than one is injectable;
* Implemented support for HTTPS requests over HTTP(S) proxy;
* Added a check to handle NULL or not available queries output;
* More entropy (randomStr() and randomInt() functions in
lib/core/common.py) in inband SQL injection concatenated query and in
AND condition checks;
* Improved XML files structure;
* Implemented the possibility to change the HTTP Referer header;
* Added support to resume from session file also when running with
inband SQL injection attack;
* Added an option (--os-shell) to execute operating system commands if
the back-end DBMS is MySQL, the web server has the PHP engine active
and permits write access on a directory within the document root;
* Added a check to assure that the provided string to match (--string)
is within the page content;
* Fixed various queries in XML file;
* Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted
the library to parse it;
* Fixed password fetching function, mainly for Microsoft SQL Server and
reviewed the password hashes parsing function;
* Major bug fixed to avoid tracebacks when the testable parameter(s) is
dynamic, but not injectable;
* Enhanced logging system: added three more levels of verbosity to show
also HTTP sent and received traffic;
* Enhancement to handle Set-Cookie from target url and automatically
re-establish the Session when it expires;
* Added support to inject also on Set-Cookie parameters;
* Implemented TAB completion and command history on both --sql-shell and
--os-shell;
* Renamed some command line options;
* Added a conversion library;
* Added code schema and reminders for future developments;
* Added Copyright comment and $Id$ svn property to all Python files;
* Updated the command line layout and help messages;
* Updated some docstrings;
* Updated documentation files.
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Mon, 1 Sep 2008 10:00:00 +0100
sqlmap (0.5-1) stable; urgency=low
* Added support for Oracle database management system
* Extended inband SQL injection functionality (--union-use) to all
other possible queries since it only worked with -e and --file on
all DBMS plugins;
* Added support to extract database users password hash on Microsoft
SQL Server;
* Added a fuzzer function with the aim to parse HTML page looking
for standard database error messages consequently improving
database fingerprinting;
* Added support for SQL injection on HTTP Cookie and User-Agent headers;
* Reviewed HTTP request library (lib/request.py) to support the
extended inband SQL injection functionality. Split getValue()
into getInband() and getBlind();
* Major enhancements in common library and added checkForBrackets()
method to check if the bracket(s) are needed to perform a UNION query
SQL injection attack;
* Implemented --dump-all functionality to dump entire DBMS data from
all databases tables;
* Added support to exclude DBMS system databases when enumerating
tables and dumping their entries (--exclude-sysdbs);
* Implemented in Dump.dbTableValues() method the CSV file dumped data
automatic saving in csv/ folder by default;
* Added DB2, Informix and Sybase DBMS error messages and minor
improvements in xml/errors.xml;
* Major improvement in all three DBMS plugins so now sqlmap does not
get entire databases' tables structure when all of database/table/
column are specified to be dumped;
* Important fixes in lib/option.py to make sqlmap properly work also
with python 2.5 and handle the CSV dump files creation work also
under Windows operating system, function __setCSVDir() and fixed
also in lib/dump.py;
* Minor enhancement in lib/injection.py to randomize the number
requested to test the presence of a SQL injection affected parameter
and implemented the possibilities to break (q) the for cycle when
using the google dork option (-g);
* Minor fix in lib/request.py to properly encode the url to request
in case the "fixed" part of the url has blank spaces;
* More minor layout enhancements in some libraries;
* Renamed DBMS plugins;
* Complete code refactoring, a lot of minor and some major fixes in
libraries, many minor improvements;
* Updated all documentation files.
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Sun, 4 Nov 2007 20:00:00 +0100
sqlmap (0.4-1) stable; urgency=low
* Added DBMS fingerprint based also upon HTML error messages parsing
defined in lib/parser.py which reads an XML file defining default
error messages for each supported DBMS;
* Added Microsoft SQL Server extensive DBMS fingerprint checks based
upon accurate '@@version' parsing matching on an XML file to get also
the exact patching level of the DBMS;
* Added support for query ETA (Estimated Time of Arrival) real time
calculation (--eta);
* Added support to extract database management system users password
hash on MySQL and PostgreSQL (--passwords);
* Added docstrings to all functions, classes and methods, consequently
released the sqlmap development documentation
<http://sqlmap.sourceforge.net/dev/>;
* Implemented Google dorking feature (-g) to take advantage of Google
results affected by SQL injection to perform other command line
arguments on their DBMS;
* Improved logging functionality: passed from banal 'print' to Python
native logging library;
* Added support for more than one parameter in '-p' command line
option;
* Added support for HTTP Basic and Digest authentication methods
(--basic-auth and --digest-auth);
* Added the command line option '--remote-dbms' to manually specify
the remote DBMS;
* Major improvements in union.UnionCheck() and union.UnionUse()
functions to make it possible to exploit inband SQL injection also
with database comment characters ('--' and '#') in UNION SELECT
statements;
* Added the possibility to save the output into a file while performing
the queries (-o OUTPUTFILE) so it is possible to stop and resume the
same query output retrieving in a second time (--resume);
* Added support to specify the database table column to enumerate
(-C COL);
* Added inband SQL injection (UNION SELECT) support (--union-use);
* Complete code refactoring, a lot of minor and some major fixes in
libraries, many minor improvements;
* Reviewed the directory tree structure;
* Split lib/common.py: inband injection functionalities are now
moved to lib/union.py;
* Updated documentation files.
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Fri, 15 Jun 2007 20:00:00 +0100
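Worked example (added here; not sqlmap's code and not its xml/errors.xml): the error-message based DBMS fingerprint that the 0.4 entry introduces and the 0.5 entry extends with a fuzzer. The idea is to append a quote to a parameter value and scan the HTML response for the error text each engine, or its web-language driver, leaks when the query breaks. The signature table and the sample pages below are constructed for this illustration; the function name fingerprint() is this example's own. An empty result is the normal case for a parameter that is dynamic but not injectable, or for an application that hides errors, in which case only blind techniques remain.

```python
"""DBMS fingerprinting from leaked database error messages.

Added example, not sqlmap's code. ERROR_SIGNATURES is a constructed table
for this illustration, not sqlmap's xml/errors.xml.
"""
import re
from typing import Dict, List, Tuple

# One list of patterns per DBMS, most specific first, so the fragment
# reported for a hit is the most informative one.
ERROR_SIGNATURES: Dict[str, List[str]] = {
    "MySQL": [
        r"You have an error in your SQL syntax",
        r"mysql_[a-z_]+\(\)",                 # PHP mysql_* driver warnings
    ],
    "PostgreSQL": [
        r"unterminated quoted string at or near",
        r"pg_[a-z_]+\(\)",                    # PHP pg_* driver warnings
    ],
    "Microsoft SQL Server": [
        r"Unclosed quotation mark after the character string",
        r"Microsoft OLE DB Provider for SQL Server",
    ],
    "Oracle": [
        r"\bORA-\d{5}\b",                     # Oracle error codes, e.g. ORA-01756
    ],
}

_COMPILED = [
    (dbms, re.compile(pattern, re.IGNORECASE))
    for dbms, patterns in ERROR_SIGNATURES.items()
    for pattern in patterns
]


def fingerprint(page: str) -> List[Tuple[str, str]]:
    """Return (dbms, matched_fragment) pairs found in the response body,
    at most one per DBMS, in table order. [] means no known error leaked."""
    hits: List[Tuple[str, str]] = []
    seen = set()
    for dbms, regex in _COMPILED:
        if dbms in seen:
            continue
        match = regex.search(page)
        if match:
            hits.append((dbms, match.group(0)))
            seen.add(dbms)
    return hits


# Constructed response bodies standing in for the page returned after a
# probe such as id=1' (a single quote appended to the parameter value).
SAMPLE_PAGES = {
    "mysql_php": "<b>Warning</b>: mysql_fetch_array() expects parameter 1 ... "
                 "You have an error in your SQL syntax; check the manual",
    "mssql_asp": "Microsoft OLE DB Provider for SQL Server error '80040e14'<br>"
                 "Unclosed quotation mark after the character string ''.",
    "oracle_jsp": "java.sql.SQLSyntaxErrorException: ORA-01756: quoted string "
                  "not properly terminated",
    "clean": "<html><body><h1>Product 1</h1><p>No results.</p></body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLE_PAGES.items():
        print(name, "->", fingerprint(body) or "no DBMS error leaked")
```

When a page yields a hit, the match only says which engine family answered; exact version and patch level still need a dedicated check (for instance the @@version parsing the 0.4 entry describes for Microsoft SQL Server), and a page with no hit must not be read as "not injectable".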
sqlmap (0.3-1) stable; urgency=low
* Added module for MS SQL Server;
* Strongly improved MySQL dbms active fingerprint and added MySQL
comment injection check;
* Added PostgreSQL dbms active fingerprint;
* Added support for string match (--string);
* Added support for UNION check (--union-check);
* Removed duplicated code, delegated most of features to the engine
in common.py and option.py;
* Added support for --data command line argument to pass the string
for POST requests;
* Added encodeParams() method to encode url parameters before making
http request;
* Many bug fixes;
* Rewritten documentation files;
* Complete code restyling.
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Sat, 20 Jan 2007 20:00:00 +0100
sqlmap (0.2-1) stable; urgency=low
* complete refactor of entire program;
* added TODO and THANKS files;
* added some papers references in README file;
* moved headers to user-agents.txt, now -f parameter specifies a file
(user-agents.txt) and randomizes the selection of the User-Agent header;
* strongly improved program plugins (mysqlmap.py and postgres.py),
major enhancements:
* improved active mysql fingerprint check_dbms();
* improved enumeration functions for both databases;
* minor changes in the unescape() functions;
* replaced old inference algorithm with a new bisection algorithm.
* reviewed command line parameters, now with -p it's possible to
specify the parameter you know is vulnerable to SQL injection,
this way the script won't perform the sql injection checks itself;
removed the TOKEN parameter;
* improved Common class, adding support for http proxy and http post
method in hash_page;
* added OptionCheck class in option.py which performs all needed checks
on command line parameters and values;
* added InjectionCheck class in injection.py which performs check on
url stability, dynamics of parameters and injection on dynamic url
parameters;
* improved output methods in dump.py;
* layout enhancement on main program file (sqlmap.py), adapted to call
new option/injection classes and improvements on catching of
exceptions.
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Wed, 13 Dec 2006 20:00:00 +0100