sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 16:07:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Updated documentation

Browse Source
This commit is contained in:
Bernardo Damele 2010-01-30 00:08:10 +00:00
parent 7faefcca88
commit 267cf5dd1a
1 changed files with 25 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
doc/ChangeLog
View File

@ -1,47 +1,51 @@
sqlmap (0.8-1) stable; urgency=low sqlmap (0.8-1) stable; urgency=low
* Added support to enumerate and dump all databases' tables containing * Support to enumerate and dump all databases' tables containing user
user provided column(s) by specifying for instance '--dump -C provided column(s) by specifying for instance '--dump -C 'user,pass'.
user,pass'. Useful to identify for instance tables containing custom Useful to identify for instance tables containing custom application
application credentials (Bernardo). credentials (Bernardo).
* Added support to parse -C (column name(s)) when fetching * Support to parse -C (column name(s)) when fetching
columns of a table with --columns: it will enumerate only columns like columns of a table with --columns: it will enumerate only columns like
the provided one(s) within the specified table (Bernardo). the provided one(s) within the specified table (Bernardo).
* Added support for takeover features on PostgreSQL 8.4 (Bernardo). * Support for takeover features on PostgreSQL 8.4 (Bernardo).
* Added automatic support in --os-pwn to use the web uploader/backdoor * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
to upload and execute the Metasploit payload stager when stacked 'getsystem' command to elevate privileges of the user running the
queries SQL injection is not supported, for instance on MySQL/PHP and back-end DBMS instance to SYSTEM (Bernardo).
MySQL/ASP (Bernardo). * Automatic support in --os-pwn to use the web uploader/backdoor to
* Added support to automatically decode deflate, gzip and x-gzip HTTP upload and execute the Metasploit payload stager when stacked queries
responses (Miroslav). SQL injection is not supported, for instance on MySQL/PHP and
MySQL/ASP but there is a writable folder within the web server
document root (Bernardo).
* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
useful when web application does not support stacked queries (Bernardo).
* Updated active fingerprint and comment injection fingerprint for
MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
* Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
* Support for NTLM authentication via python-ntlm third party library, * Support for NTLM authentication via python-ntlm third party library,
http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo). http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
* Support to automatically decode deflate, gzip and x-gzip HTTP
responses (Miroslav).
* Support for Certificate authentication, --auth-cert option added * Support for Certificate authentication, --auth-cert option added
(Miroslav). (Miroslav).
* Added support for regular expression based scope when parsing Burp or * Added support for regular expression based scope when parsing Burp or
Web Scarab proxy log file (-l), --scope (Miroslav). Web Scarab proxy log file (-l), --scope (Miroslav).
* Updated active fingerprint and comment injection fingerprint for
MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
* Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
* Added support to ignore Set-Cookie in HTTP responses, * Added support to ignore Set-Cookie in HTTP responses,
--drop-set-cookie (Miroslav). --drop-set-cookie (Miroslav).
* Added support to specify which Google dork result page to parse, * Added support to specify which Google dork result page to parse,
--gpage to be used together with -g (Miroslav). --gpage to be used together with -g (Miroslav).
* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
useful when web application does not support stacked queries (Bernardo).
* Fixed URL encoding/decoding of GET/POST parameters and Cookie header * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
(Miroslav). (Miroslav).
* Refactor --update to use python-svn third party library if available * Refactored --update to use python-svn third party library if available
or 'svn' command to update sqlmap to the latest development version or 'svn' command to update sqlmap to the latest development version
from subversion repository (Bernardo and Miroslav). from subversion repository (Bernardo and Miroslav).
* Major bugs fixed (Bernardo and Miroslav). * Major bugs fixed (Bernardo and Miroslav).
* Cleanup of UDF source code repository, * Cleanup of UDF source code repository,
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
and Miroslav). and Miroslav).
* Major code cleanup and refactoring (Bernardo and Miroslav). * Major code cleanup (Miroslav).
* Added simple file encryption/compression utility, extra/cloak/cloak.py * Added simple file encryption/compression utility, extra/cloak/cloak.py
used by sqlmap to decrypt on the fly Churrasco executable and web used by sqlmap to decrypt on the fly Churrasco and UPX executables and
shells consequently reduced drastically the number of anti virus web shells consequently reducing drastically the number of anti virus
softwares that mistakenly mark sqlmap as a malware (Miroslav). softwares that mistakenly mark sqlmap as a malware (Miroslav).
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Mon, 1 Mar 2010 10:00:00 +0000 -- Bernardo Damele A. G. <bernardo.damele@gmail.com> Mon, 1 Mar 2010 10:00:00 +0000