mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Updated documentation
This commit is contained in:
parent
7faefcca88
commit
267cf5dd1a
|
@ -1,47 +1,51 @@
|
||||||
sqlmap (0.8-1) stable; urgency=low
|
sqlmap (0.8-1) stable; urgency=low
|
||||||
|
|
||||||
* Added support to enumerate and dump all databases' tables containing
|
* Support to enumerate and dump all databases' tables containing user
|
||||||
user provided column(s) by specifying for instance '--dump -C
|
provided column(s) by specifying for instance '--dump -C 'user,pass'.
|
||||||
user,pass'. Useful to identify for instance tables containing custom
|
Useful to identify for instance tables containing custom application
|
||||||
application credentials (Bernardo).
|
credentials (Bernardo).
|
||||||
* Added support to parse -C (column name(s)) when fetching
|
* Support to parse -C (column name(s)) when fetching
|
||||||
columns of a table with --columns: it will enumerate only columns like
|
columns of a table with --columns: it will enumerate only columns like
|
||||||
the provided one(s) within the specified table (Bernardo).
|
the provided one(s) within the specified table (Bernardo).
|
||||||
* Added support for takeover features on PostgreSQL 8.4 (Bernardo).
|
* Support for takeover features on PostgreSQL 8.4 (Bernardo).
|
||||||
* Added automatic support in --os-pwn to use the web uploader/backdoor
|
* Enhanced --priv-esc to rely on new Metasploit Meterpreter's
|
||||||
to upload and execute the Metasploit payload stager when stacked
|
'getsystem' command to elevate privileges of the user running the
|
||||||
queries SQL injection is not supported, for instance on MySQL/PHP and
|
back-end DBMS instance to SYSTEM (Bernardo).
|
||||||
MySQL/ASP (Bernardo).
|
* Automatic support in --os-pwn to use the web uploader/backdoor to
|
||||||
* Added support to automatically decode deflate, gzip and x-gzip HTTP
|
upload and execute the Metasploit payload stager when stacked queries
|
||||||
responses (Miroslav).
|
SQL injection is not supported, for instance on MySQL/PHP and
|
||||||
|
MySQL/ASP but there is a writable folder within the web server
|
||||||
|
document root (Bernardo).
|
||||||
|
* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
|
||||||
|
useful when web application does not support stacked queries (Bernardo).
|
||||||
|
* Updated active fingerprint and comment injection fingerprint for
|
||||||
|
MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
|
||||||
|
* Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
|
||||||
* Support for NTLM authentication via python-ntlm third party library,
|
* Support for NTLM authentication via python-ntlm third party library,
|
||||||
http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
|
http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
|
||||||
|
* Support to automatically decode deflate, gzip and x-gzip HTTP
|
||||||
|
responses (Miroslav).
|
||||||
* Support for Certificate authentication, --auth-cert option added
|
* Support for Certificate authentication, --auth-cert option added
|
||||||
(Miroslav).
|
(Miroslav).
|
||||||
* Added support for regular expression based scope when parsing Burp or
|
* Added support for regular expression based scope when parsing Burp or
|
||||||
Web Scarab proxy log file (-l), --scope (Miroslav).
|
Web Scarab proxy log file (-l), --scope (Miroslav).
|
||||||
* Updated active fingerprint and comment injection fingerprint for
|
|
||||||
MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
|
|
||||||
* Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
|
|
||||||
* Added support to ignore Set-Cookie in HTTP responses,
|
* Added support to ignore Set-Cookie in HTTP responses,
|
||||||
--drop-set-cookie (Miroslav).
|
--drop-set-cookie (Miroslav).
|
||||||
* Added support to specify which Google dork result page to parse,
|
* Added support to specify which Google dork result page to parse,
|
||||||
--gpage to be used together with -g (Miroslav).
|
--gpage to be used together with -g (Miroslav).
|
||||||
* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
|
|
||||||
useful when web application does not support stacked queries (Bernardo).
|
|
||||||
* Fixed URL encoding/decoding of GET/POST parameters and Cookie header
|
* Fixed URL encoding/decoding of GET/POST parameters and Cookie header
|
||||||
(Miroslav).
|
(Miroslav).
|
||||||
* Refactor --update to use python-svn third party library if available
|
* Refactored --update to use python-svn third party library if available
|
||||||
or 'svn' command to update sqlmap to the latest development version
|
or 'svn' command to update sqlmap to the latest development version
|
||||||
from subversion repository (Bernardo and Miroslav).
|
from subversion repository (Bernardo and Miroslav).
|
||||||
* Major bugs fixed (Bernardo and Miroslav).
|
* Major bugs fixed (Bernardo and Miroslav).
|
||||||
* Cleanup of UDF source code repository,
|
* Cleanup of UDF source code repository,
|
||||||
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
|
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
|
||||||
and Miroslav).
|
and Miroslav).
|
||||||
* Major code cleanup and refactoring (Bernardo and Miroslav).
|
* Major code cleanup (Miroslav).
|
||||||
* Added simple file encryption/compression utility, extra/cloak/cloak.py
|
* Added simple file encryption/compression utility, extra/cloak/cloak.py
|
||||||
used by sqlmap to decrypt on the fly Churrasco executable and web
|
used by sqlmap to decrypt on the fly Churrasco and UPX executables and
|
||||||
shells consequently reduced drastically the number of anti virus
|
web shells consequently reducing drastically the number of anti virus
|
||||||
softwares that mistakenly mark sqlmap as a malware (Miroslav).
|
softwares that mistakenly mark sqlmap as a malware (Miroslav).
|
||||||
|
|
||||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Mon, 1 Mar 2010 10:00:00 +0000
|
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Mon, 1 Mar 2010 10:00:00 +0000
|
||||||
|
|
Loading…
Reference in New Issue
Block a user