mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Merged history into user's manual
parent
44ea8f1861
commit
783c48f6e9
212
doc/README.html
|
@ -25,6 +25,7 @@ for the latest version.</EM>
|
||||||
<LI><A NAME="toc1.2">1.2</A> <A HREF="README.html#ss1.2">Scenario</A>
|
<LI><A NAME="toc1.2">1.2</A> <A HREF="README.html#ss1.2">Scenario</A>
|
||||||
<LI><A NAME="toc1.3">1.3</A> <A HREF="README.html#ss1.3">Techniques</A>
|
<LI><A NAME="toc1.3">1.3</A> <A HREF="README.html#ss1.3">Techniques</A>
|
||||||
<LI><A NAME="toc1.4">1.4</A> <A HREF="README.html#ss1.4">Demo</A>
|
<LI><A NAME="toc1.4">1.4</A> <A HREF="README.html#ss1.4">Demo</A>
|
||||||
|
<LI><A NAME="toc1.5">1.5</A> <A HREF="README.html#ss1.5">History</A>
|
||||||
</UL>
|
</UL>
|
||||||
<P>
|
<P>
|
||||||
<H2><A NAME="toc2">2.</A> <A HREF="README.html#s2">Features</A></H2>
|
<H2><A NAME="toc2">2.</A> <A HREF="README.html#s2">Features</A></H2>
|
||||||
|
@ -251,6 +252,217 @@ and the session user privileges.</LI>
|
||||||
from
|
from
|
||||||
<A HREF="http://sqlmap.sourceforge.net/demo.html">here</A>.</P>
|
<A HREF="http://sqlmap.sourceforge.net/demo.html">here</A>.</P>
|
||||||
|
|
||||||
|
<H2><A NAME="ss1.5">1.5</A> <A HREF="#toc1.5">History</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<H3>2010</H3>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI><B>March 14</B>,
|
||||||
|
<A HREF="http://sqlmap.sourceforge.net/#author">Bernardo and Miroslav</A> release stable version of
|
||||||
|
sqlmap <B>0.8</B> featuring many features. Amongst these, support to
|
||||||
|
enumerate and dump all databases' tables containing user provided
|
||||||
|
column(s), stabilization and enhancements to the takeover functionalities,
|
||||||
|
updated integration with Metasploit 3.3.3 and a lot of minor features and
|
||||||
|
bug fixes.</LI>
|
||||||
|
<LI><B>January</B>, Bernardo is
|
||||||
|
<A HREF="http://www.athcon.org/speakers/">invited</A> to present at
|
||||||
|
<A HREF="http://www.athcon.org">AthCon</A> conference in Greece on June
|
||||||
|
2010.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H3>2009</H3>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI><B>December 18</B>, Miroslav Stampar replies to my public call
|
||||||
|
for developers. He contributes actively in the development of sqlmap from
|
||||||
|
version <B>0.8 release candidate 2</B>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>December 12</B>, Bernardo writes to the mailing list a post
|
||||||
|
titled
|
||||||
|
<A HREF="http://bernardodamele.blogspot.com/2009/12/sqlmap-state-of-art-3-years-later.html">sqlmap state of art - 3 years later</A> highlighting the goals
|
||||||
|
achieved during these first three years of the project and launches a call
|
||||||
|
for developers.
|
||||||
|
</LI>
|
||||||
|
<LI><B>December 4</B>, sqlmap-devel mailing list has been merged
|
||||||
|
sqlmap-users
|
||||||
|
<A HREF="http://sqlmap.sourceforge.net/#ml">mailing list</A>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>November 20</B>, Bernardo and Guido present again their
|
||||||
|
research on stealth database server takeover at CONfidence 2009 in Warsaw,
|
||||||
|
Poland.
|
||||||
|
</LI>
|
||||||
|
<LI><B>September 26</B>, sqlmap version <B>0.8 release candidate
|
||||||
|
1</B> goes public on the
|
||||||
|
<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">Subversion repository</A>, with all the attack
|
||||||
|
vectors unveiled at SOURCE Barcelona 2009 Conference. These include an
|
||||||
|
enhanced version of the Microsoft SQL Server buffer overflow exploit to
|
||||||
|
automatically bypass DEP memory protection, support to establish the
|
||||||
|
out-of-band connection with the database server by executing in-memory
|
||||||
|
the Metasploit shellcode via UDF <EM>sys_bineval()</EM> (anti-forensics
|
||||||
|
technique), support to access the Windows registry hives and support to
|
||||||
|
inject custom user-defined functions.
|
||||||
|
</LI>
|
||||||
|
<LI><B>September 21</B>, Bernardo and
|
||||||
|
<A HREF="http://www.pornosecurity.org">Guido Landi</A>
|
||||||
|
<A HREF="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule">present</A> their research (
|
||||||
|
<A HREF="http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database">slides</A>) at SOURCE Conference 2009 in Barcelona, Spain.
|
||||||
|
</LI>
|
||||||
|
<LI><B>August</B>, Bernardo is accepted as a speaker to two others IT
|
||||||
|
security conferences,
|
||||||
|
<A HREF="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009">SOURCE Barcelona 2009</A> and
|
||||||
|
<A HREF="http://200902.confidence.org.pl/">CONfidence 2009 Warsaw</A>.
|
||||||
|
This new research is titled <EM>Expanding the control over the operating
|
||||||
|
system from the database</EM>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>July 25</B>, stable version of sqlmap <B>0.7</B> is out!
|
||||||
|
</LI>
|
||||||
|
<LI><B>June 2</B>, sqlmap version <B>0.6.4</B> has made it way to
|
||||||
|
the official Ubuntu repository too.
|
||||||
|
</LI>
|
||||||
|
<LI><B>May</B>, Bernardo presents again his research on operating
|
||||||
|
system takeover via SQL injection at
|
||||||
|
<A HREF="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland">OWASP AppSec Europe 2009</A> in Warsaw, Poland and at
|
||||||
|
<A HREF="http://eusecwest.com/">EUSecWest 2009</A> in London, UK.
|
||||||
|
</LI>
|
||||||
|
<LI><B>May 8</B>, sqlmap version <B>0.6.4</B> has been officially
|
||||||
|
accepted in Debian repository. Details on
|
||||||
|
<A HREF="http://bernardodamele.blogspot.com/2009/05/sqlmap-in-debian-package-repository.html">this blog post</A>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>April 22</B>, sqlmap version <B>0.7 release candidate 1</B>
|
||||||
|
goes public, with all the attack vectors unveiled at Black Hat Europe 2009
|
||||||
|
Conference.
|
||||||
|
These include execution of arbitrary commands on the underlying operating
|
||||||
|
system, full integration with Metasploit to establish an out-of-band
|
||||||
|
TCP connection, first publicly available exploit for Microsoft Security
|
||||||
|
Bulletin
|
||||||
|
<A HREF="http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx">MS09-004</A> against Microsoft SQL Server 2000 and 2005 and others
|
||||||
|
attacks to takeover the database server as a whole, not only the data from
|
||||||
|
the database.
|
||||||
|
</LI>
|
||||||
|
<LI><B>April 16</B>, Bernardo
|
||||||
|
<A HREF="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele">presents</A> his research (
|
||||||
|
<A HREF="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides">slides</A>,
|
||||||
|
<A HREF="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf">whitepaper</A>) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
|
||||||
|
The feedback from the audience is good and there has been some
|
||||||
|
<A HREF="http://bernardodamele.blogspot.com/2009/03/black-hat-europe-2009.html">media coverage</A> too.
|
||||||
|
</LI>
|
||||||
|
<LI><B>March 5</B>, Bernardo
|
||||||
|
<A HREF="http://www.slideshare.net/inquis/sql-injection-not-only-and-11">presents</A> for the first time some of the sqlmap recent features and
|
||||||
|
upcoming enhancements at an international event,
|
||||||
|
<A HREF="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009">Front Range OWASP Conference 2009</A> in Denver, USA. The presentation
|
||||||
|
is titled <EM>SQL injection: Not only AND 1=1</EM>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>February 24</B>, Bernardo is accepted as a
|
||||||
|
<A HREF="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele">speaker</A> at
|
||||||
|
<A HREF="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html">Black Hat Europe 2009</A> with a presentation titled <EM>Advanced SQL
|
||||||
|
injection exploitation to operating system full control</EM>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>February 3</B>, sqlmap <B>0.6.4</B> is the last point release
|
||||||
|
for 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
|
||||||
|
sqlmap can now be used to execute any arbitrary SQL statement, not only
|
||||||
|
<EM>SELECT</EM> anymore. Also, many features have been stabilized, tweaked
|
||||||
|
and improved in terms of speed in this release.
|
||||||
|
</LI>
|
||||||
|
<LI><B>January 9</B>, Bernardo
|
||||||
|
<A HREF="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation">presents</A> <EM>SQL injection exploitation internals</EM> at a
|
||||||
|
private event in London, UK.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H3>2008</H3>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI><B>December 18</B>, sqlmap <B>0.6.3</B> is released featuring
|
||||||
|
support to retrieve targets from Burp and WebScarab proxies log files,
|
||||||
|
support to test for stacked queries ant time-based blind SQL injection,
|
||||||
|
rough fingerprint of the web server and web application technologies in
|
||||||
|
use and more options to customize the HTTP requests and enumerate more
|
||||||
|
information from the database.
|
||||||
|
</LI>
|
||||||
|
<LI><B>November 2</B>, sqlmap version <B>0.6.2</B> is a "bug fixes"
|
||||||
|
release only.
|
||||||
|
</LI>
|
||||||
|
<LI><B>October 20</B>, sqlmap first point release, <B>0.6.1</B>, goes
|
||||||
|
public. This includes minor bug fixes and the first contact between the
|
||||||
|
tool and
|
||||||
|
<A HREF="http://metasploit.com/framework">Metasploit</A>:
|
||||||
|
an auxiliary module to launch sqlmap from within Metasploit Framework.
|
||||||
|
The
|
||||||
|
<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">Subversion development repository</A> goes public again.
|
||||||
|
</LI>
|
||||||
|
<LI><B>September 1</B>, nearly one year after the previous release,
|
||||||
|
sqlmap <B>0.6</B> comes to life featuring a complete code
|
||||||
|
refactoring, support to execute arbitrary SQL <EM>SELECT</EM> statements,
|
||||||
|
more options to enumerate and dump specific information are added, brand
|
||||||
|
new installation packages for Debian, Red Hat, Windows and much more.
|
||||||
|
</LI>
|
||||||
|
<LI><B>August</B>, two public
|
||||||
|
<A HREF="http://sqlmap.sourceforge.net/#ml">mailing lists</A> are created on SourceForge.
|
||||||
|
</LI>
|
||||||
|
<LI><B>January</B>, sqlmap Subversion development repository is moved
|
||||||
|
away from SourceForge and goes private for a while.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H3>2007</H3>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI><B>November 4</B>, release <B>0.5</B> marks the end of the OWASP
|
||||||
|
Spring of Code 2007 contest participation. Bernardo has
|
||||||
|
<A HREF="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page">accomplished</A> all the propsed objects which include initial support
|
||||||
|
for Oracle, enhanced support for UNION query SQL injection and support to
|
||||||
|
test and exploit injections on HTTP Cookie and User-Agent headers.
|
||||||
|
</LI>
|
||||||
|
<LI><B>June 15</B>, Bernardo releases version <B>0.4</B> as a
|
||||||
|
result of the first OWASP Spring of Code 2007 milestone. This release
|
||||||
|
features, amongst others, improvements to the DBMS fingerprint engine,
|
||||||
|
support to calculate the estimated time of arrival, options to enumerate
|
||||||
|
specific data from the database server and brand new logging system.
|
||||||
|
</LI>
|
||||||
|
<LI><B>April</B>, even though sqlmap was <B>not</B> and is <B>not</B>
|
||||||
|
an OWASP project, it gets
|
||||||
|
<A HREF="http://www.owasp.org/index.php/SpoC_007_-_SqlMap">accepted</A>, amongst many other open source projects to OWASP Spring
|
||||||
|
of Code 2007.
|
||||||
|
</LI>
|
||||||
|
<LI><B>March 30</B>, Bernardo applies to OWASP
|
||||||
|
<A HREF="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap">Spring of Code 2007</A>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>January 20</B>, sqlmap version <B>0.3</B> is released,
|
||||||
|
featuring initial support for Microsoft SQL Server, support to test
|
||||||
|
and exploit UNION query SQL injections and injection points in POST
|
||||||
|
parameters.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H3>2006</H3>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI><B>December 13</B>, Bernardo releases version <B>0.2</B> with
|
||||||
|
major enhancements to the DBMS fingerprint functionalities and replacement
|
||||||
|
of the old inference algorithm with the bisection algorithm.
|
||||||
|
</LI>
|
||||||
|
<LI><B>September</B>, Daniele leaves the project,
|
||||||
|
<A HREF="http://bernardodamele.blogspot.com">Bernardo Damele A. G.</A>
|
||||||
|
takes it over.
|
||||||
|
</LI>
|
||||||
|
<LI><B>August</B>, Daniele adds initial support for PostgreSQL and releases
|
||||||
|
version <B>0.1</B>.
|
||||||
|
</LI>
|
||||||
|
<LI><B>July 25</B>,
|
||||||
|
<A HREF="http://dbellucci.blogspot.com">Daniele Bellucci</A>
|
||||||
|
registers the sqlmap project on SourceForge and develops it on the
|
||||||
|
<A HREF="http://sqlmap.svn.sourceforge.net/viewvc/sqlmap/">SourceForge Subversion repository</A>. The skeleton is implemented and
|
||||||
|
limited support for MySQL added.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Features</A></H2>
|
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Features</A></H2>
|
||||||
|
|
||||||
|
|
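Review bot: Several typos in the added History text should be fixed before it becomes part of the manual. The December 18, 2008 item has "stacked queries ant time-based blind SQL injection" (should be "and"), the November 4, 2007 item has "all the propsed objects" ("proposed", and probably "objectives"), the June 2, 2009 item has "has made it way" ("its way"), and the August 2009 and April 22, 2009 items have "two others IT security conferences" and "others attacks" ("other" in both). The same strings appear in the doc/README.sgml hunk, so correct them there too and keep the wording of the two files identical.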
BIN
doc/README.pdf
Binary file not shown.
209
doc/README.sgml
|
@ -201,6 +201,215 @@ url="http://www.youtube.com/user/inquisb#g/u" name="YouTube"> and linked
|
||||||
from <htmlurl url="http://sqlmap.sourceforge.net/demo.html"
|
from <htmlurl url="http://sqlmap.sourceforge.net/demo.html"
|
||||||
name="here">.
|
name="here">.
|
||||||
|
|
||||||
|
<sect1>History
|
||||||
|
|
||||||
|
<sect2>2010
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<itemize>
|
||||||
|
<item><bf>March 14</bf>, <htmlurl name="Bernardo and Miroslav"
|
||||||
|
url="http://sqlmap.sourceforge.net/#author"> release stable version of
|
||||||
|
sqlmap <bf>0.8</bf> featuring many features. Amongst these, support to
|
||||||
|
enumerate and dump all databases' tables containing user provided
|
||||||
|
column(s), stabilization and enhancements to the takeover functionalities,
|
||||||
|
updated integration with Metasploit 3.3.3 and a lot of minor features and
|
||||||
|
bug fixes.
|
||||||
|
<item><bf>January</bf>, Bernardo is <htmlurl name="invited"
|
||||||
|
url="http://www.athcon.org/speakers/"> to present at <htmlurl
|
||||||
|
name="AthCon" url="http://www.athcon.org"> conference in Greece on June
|
||||||
|
2010.
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
<sect2>2009
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<itemize>
|
||||||
|
<item><bf>December 18</bf>, Miroslav Stampar replies to my public call
|
||||||
|
for developers. He contributes actively in the development of sqlmap from
|
||||||
|
version <bf>0.8 release candidate 2</bf>.
|
||||||
|
|
||||||
|
<item><bf>December 12</bf>, Bernardo writes to the mailing list a post
|
||||||
|
titled <htmlurl url="http://bernardodamele.blogspot.com/2009/12/sqlmap-state-of-art-3-years-later.html"
|
||||||
|
name="sqlmap state of art - 3 years later"> highlighting the goals
|
||||||
|
achieved during these first three years of the project and launches a call
|
||||||
|
for developers.
|
||||||
|
|
||||||
|
<item><bf>December 4</bf>, sqlmap-devel mailing list has been merged
|
||||||
|
sqlmap-users <htmlurl name="mailing list" url="http://sqlmap.sourceforge.net/#ml">.
|
||||||
|
|
||||||
|
<item><bf>November 20</bf>, Bernardo and Guido present again their
|
||||||
|
research on stealth database server takeover at CONfidence 2009 in Warsaw,
|
||||||
|
Poland.
|
||||||
|
|
||||||
|
<item><bf>September 26</bf>, sqlmap version <bf>0.8 release candidate
|
||||||
|
1</bf> goes public on the <htmlurl name="Subversion repository"
|
||||||
|
url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">, with all the attack
|
||||||
|
vectors unveiled at SOURCE Barcelona 2009 Conference. These include an
|
||||||
|
enhanced version of the Microsoft SQL Server buffer overflow exploit to
|
||||||
|
automatically bypass DEP memory protection, support to establish the
|
||||||
|
out-of-band connection with the database server by executing in-memory
|
||||||
|
the Metasploit shellcode via UDF <em>sys_bineval()</em> (anti-forensics
|
||||||
|
technique), support to access the Windows registry hives and support to
|
||||||
|
inject custom user-defined functions.
|
||||||
|
|
||||||
|
<item><bf>September 21</bf>, Bernardo and <htmlurl name="Guido Landi"
|
||||||
|
url="http://www.pornosecurity.org"> <htmlurl name="present"
|
||||||
|
url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule"> their research (<htmlurl name="slides"
|
||||||
|
url="http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database">) at SOURCE Conference 2009 in Barcelona, Spain.
|
||||||
|
|
||||||
|
<item><bf>August</bf>, Bernardo is accepted as a speaker to two others IT
|
||||||
|
security conferences, <htmlurl url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009" name="SOURCE Barcelona 2009"> and <htmlurl url="http://200902.confidence.org.pl/"
|
||||||
|
name="CONfidence 2009 Warsaw">.
|
||||||
|
This new research is titled <em>Expanding the control over the operating
|
||||||
|
system from the database</em>.
|
||||||
|
|
||||||
|
<item><bf>July 25</bf>, stable version of sqlmap <bf>0.7</bf> is out!
|
||||||
|
|
||||||
|
<item><bf>June 2</bf>, sqlmap version <bf>0.6.4</bf> has made it way to
|
||||||
|
the official Ubuntu repository too.
|
||||||
|
|
||||||
|
<item><bf>May</bf>, Bernardo presents again his research on operating
|
||||||
|
system takeover via SQL injection at <htmlurl
|
||||||
|
url="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland"
|
||||||
|
name="OWASP AppSec Europe 2009"> in Warsaw, Poland and at <htmlurl
|
||||||
|
url="http://eusecwest.com/" name="EUSecWest 2009"> in London, UK.
|
||||||
|
|
||||||
|
<item><bf>May 8</bf>, sqlmap version <bf>0.6.4</bf> has been officially
|
||||||
|
accepted in Debian repository. Details on <htmlurl
|
||||||
|
url="http://bernardodamele.blogspot.com/2009/05/sqlmap-in-debian-package-repository.html"
|
||||||
|
name="this blog post">.
|
||||||
|
|
||||||
|
<item><bf>April 22</bf>, sqlmap version <bf>0.7 release candidate 1</bf>
|
||||||
|
goes public, with all the attack vectors unveiled at Black Hat Europe 2009
|
||||||
|
Conference.
|
||||||
|
These include execution of arbitrary commands on the underlying operating
|
||||||
|
system, full integration with Metasploit to establish an out-of-band
|
||||||
|
TCP connection, first publicly available exploit for Microsoft Security
|
||||||
|
Bulletin <htmlurl url="http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx"
|
||||||
|
name="MS09-004"> against Microsoft SQL Server 2000 and 2005 and others
|
||||||
|
attacks to takeover the database server as a whole, not only the data from
|
||||||
|
the database.
|
||||||
|
|
||||||
|
<item><bf>April 16</bf>, Bernardo <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele"
|
||||||
|
name="presents"> his research (<htmlurl url="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides" name="slides">, <htmlurl
|
||||||
|
url="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf"
|
||||||
|
name="whitepaper">) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
|
||||||
|
The feedback from the audience is good and there has been some
|
||||||
|
<htmlurl url="http://bernardodamele.blogspot.com/2009/03/black-hat-europe-2009.html"
|
||||||
|
name="media coverage"> too.
|
||||||
|
|
||||||
|
<item><bf>March 5</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-not-only-and-11"
|
||||||
|
name="presents"> for the first time some of the sqlmap recent features and
|
||||||
|
upcoming enhancements at an international event, <htmlurl
|
||||||
|
url="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009"
|
||||||
|
name="Front Range OWASP Conference 2009"> in Denver, USA. The presentation
|
||||||
|
is titled <em>SQL injection: Not only AND 1=1</em>.
|
||||||
|
|
||||||
|
<item><bf>February 24</bf>, Bernardo is accepted as a <htmlurl
|
||||||
|
url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele"
|
||||||
|
name="speaker"> at <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html"
|
||||||
|
name="Black Hat Europe 2009"> with a presentation titled <em>Advanced SQL
|
||||||
|
injection exploitation to operating system full control</em>.
|
||||||
|
|
||||||
|
<item><bf>February 3</bf>, sqlmap <bf>0.6.4</bf> is the last point release
|
||||||
|
for 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
|
||||||
|
sqlmap can now be used to execute any arbitrary SQL statement, not only
|
||||||
|
<em>SELECT</em> anymore. Also, many features have been stabilized, tweaked
|
||||||
|
and improved in terms of speed in this release.
|
||||||
|
|
||||||
|
<item><bf>January 9</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation"
|
||||||
|
name="presents"> <em>SQL injection exploitation internals</em> at a
|
||||||
|
private event in London, UK.
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
<sect2>2008
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<itemize>
|
||||||
|
<item><bf>December 18</bf>, sqlmap <bf>0.6.3</bf> is released featuring
|
||||||
|
support to retrieve targets from Burp and WebScarab proxies log files,
|
||||||
|
support to test for stacked queries ant time-based blind SQL injection,
|
||||||
|
rough fingerprint of the web server and web application technologies in
|
||||||
|
use and more options to customize the HTTP requests and enumerate more
|
||||||
|
information from the database.
|
||||||
|
|
||||||
|
<item><bf>November 2</bf>, sqlmap version <bf>0.6.2</bf> is a "bug fixes"
|
||||||
|
release only.
|
||||||
|
|
||||||
|
<item><bf>October 20</bf>, sqlmap first point release, <bf>0.6.1</bf>, goes
|
||||||
|
public. This includes minor bug fixes and the first contact between the
|
||||||
|
tool and <htmlurl url="http://metasploit.com/framework" name="Metasploit">:
|
||||||
|
an auxiliary module to launch sqlmap from within Metasploit Framework.
|
||||||
|
The <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/"
|
||||||
|
name="Subversion development repository"> goes public again.
|
||||||
|
|
||||||
|
<item><bf>September 1</bf>, nearly one year after the previous release,
|
||||||
|
sqlmap <bf>0.6</bf> comes to life featuring a complete code
|
||||||
|
refactoring, support to execute arbitrary SQL <em>SELECT</em> statements,
|
||||||
|
more options to enumerate and dump specific information are added, brand
|
||||||
|
new installation packages for Debian, Red Hat, Windows and much more.
|
||||||
|
|
||||||
|
<item><bf>August</bf>, two public <htmlurl name="mailing lists"
|
||||||
|
url="http://sqlmap.sourceforge.net/#ml"> are created on SourceForge.
|
||||||
|
|
||||||
|
<item><bf>January</bf>, sqlmap Subversion development repository is moved
|
||||||
|
away from SourceForge and goes private for a while.
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
<sect2>2007
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<itemize>
|
||||||
|
<item><bf>November 4</bf>, release <bf>0.5</bf> marks the end of the OWASP
|
||||||
|
Spring of Code 2007 contest participation. Bernardo has <htmlurl
|
||||||
|
url="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page"
|
||||||
|
name="accomplished"> all the propsed objects which include initial support
|
||||||
|
for Oracle, enhanced support for UNION query SQL injection and support to
|
||||||
|
test and exploit injections on HTTP Cookie and User-Agent headers.
|
||||||
|
|
||||||
|
<item><bf>June 15</bf>, Bernardo releases version <bf>0.4</bf> as a
|
||||||
|
result of the first OWASP Spring of Code 2007 milestone. This release
|
||||||
|
features, amongst others, improvements to the DBMS fingerprint engine,
|
||||||
|
support to calculate the estimated time of arrival, options to enumerate
|
||||||
|
specific data from the database server and brand new logging system.
|
||||||
|
|
||||||
|
<item><bf>April</bf>, even though sqlmap was <bf>not</bf> and is <bf>not</bf>
|
||||||
|
an OWASP project, it gets <htmlurl url="http://www.owasp.org/index.php/SpoC_007_-_SqlMap"
|
||||||
|
name="accepted">, amongst many other open source projects to OWASP Spring
|
||||||
|
of Code 2007.
|
||||||
|
|
||||||
|
<item><bf>March 30</bf>, Bernardo applies to OWASP <htmlurl
|
||||||
|
url="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap"
|
||||||
|
name="Spring of Code 2007">.
|
||||||
|
|
||||||
|
<item><bf>January 20</bf>, sqlmap version <bf>0.3</bf> is released,
|
||||||
|
featuring initial support for Microsoft SQL Server, support to test
|
||||||
|
and exploit UNION query SQL injections and injection points in POST
|
||||||
|
parameters.
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
<sect2>2006
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<itemize>
|
||||||
|
<item><bf>December 13</bf>, Bernardo releases version <bf>0.2</bf> with
|
||||||
|
major enhancements to the DBMS fingerprint functionalities and replacement
|
||||||
|
of the old inference algorithm with the bisection algorithm.
|
||||||
|
|
||||||
|
<item><bf>September</bf>, Daniele leaves the project, <htmlurl
|
||||||
|
url="http://bernardodamele.blogspot.com" name="Bernardo Damele A. G.">
|
||||||
|
takes it over.
|
||||||
|
|
||||||
|
<item><bf>August</bf>, Daniele adds initial support for PostgreSQL and releases
|
||||||
|
version <bf>0.1</bf>.
|
||||||
|
|
||||||
|
<item><bf>July 25</bf>, <htmlurl url="http://dbellucci.blogspot.com" name="Daniele Bellucci">
|
||||||
|
registers the sqlmap project on SourceForge and develops it on the
|
||||||
|
<htmlurl url="http://sqlmap.svn.sourceforge.net/viewvc/sqlmap/"
|
||||||
|
name="SourceForge Subversion repository">. The skeleton is implemented and
|
||||||
|
limited support for MySQL added.
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
|
||||||
<sect>Features
|
<sect>Features
|
||||||
|
|
||||||
|
|
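Review bot: The December 4, 2009 item lost text in the move. The removed doc/history.sgml linked the word "merged" to a mail archive thread and continued with "into sqlmap-users", while the added item here reads "sqlmap-devel mailing list has been merged" followed directly by "sqlmap-users", so both the word "into" and that link are gone (the doc/README.html hunk shows the same sentence). Restore "into", and keep the link unless dropping it was intended. Separately, the December 18, 2009 item says "replies to my public call" while every other entry names Bernardo in the third person; "Bernardo's public call" would match the rest of the section now that it sits inside the user's manual.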
225
doc/history.sgml
|
@ -1,225 +0,0 @@
|
||||||
<!doctype linuxdoc system>
|
|
||||||
|
|
||||||
<article>
|
|
||||||
|
|
||||||
<title>sqlmap history
|
|
||||||
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">
|
|
||||||
<date>Updated on April 30, 2010
|
|
||||||
<abstract>
|
|
||||||
Timeline history of <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
|
|
||||||
Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage">
|
|
||||||
for the latest version.
|
|
||||||
</abstract>
|
|
||||||
|
|
||||||
<toc>
|
|
||||||
|
|
||||||
|
|
||||||
<sect>2010
|
|
||||||
|
|
||||||
<itemize>
|
|
||||||
<item><bf>March 14</bf>, <htmlurl name="Bernardo and Miroslav"
|
|
||||||
url="http://sqlmap.sourceforge.net/#author"> release stable version of
|
|
||||||
sqlmap <bf>0.8</bf> featuring many features. Amongst these, support to
|
|
||||||
enumerate and dump all databases' tables containing user provided
|
|
||||||
column(s), stabilization and enhancements to the takeover functionalities,
|
|
||||||
updated integration with Metasploit 3.3.3 and a lot of minor features and
|
|
||||||
bug fixes.
|
|
||||||
<item><bf>January</bf>, Bernardo is <htmlurl name="invited"
|
|
||||||
url="http://www.athcon.org/speakers/"> to present at <htmlurl
|
|
||||||
name="AthCon" url="http://www.athcon.org"> conference in Greece on June
|
|
||||||
2010.
|
|
||||||
</itemize>
|
|
||||||
|
|
||||||
|
|
||||||
<sect>2009
|
|
||||||
|
|
||||||
<itemize>
|
|
||||||
<item><bf>December 18</bf>, Miroslav Stampar replies to my public call
|
|
||||||
for developers. He contributes actively in the development of sqlmap from
|
|
||||||
version <bf>0.8 release candidate 2</bf>.
|
|
||||||
|
|
||||||
<item><bf>December 12</bf>, Bernardo writes to the mailing list a post
|
|
||||||
titled <htmlurl url="http://sourceforge.net/mailarchive/forum.php?thread_name=ffa432520912150559x7da484d0q5a580512abf4592f%40mail.gmail.com&forum_name=sqlmap-users"
|
|
||||||
name="sqlmap state of art - 3 years later"> highlighting the goals
|
|
||||||
achieved during these first three years of the project and launches a call
|
|
||||||
for developers.
|
|
||||||
|
|
||||||
<item><bf>December 4</bf>, sqlmap-devel mailing list has been <htmlurl
|
|
||||||
url="http://sourceforge.net/mailarchive/forum.php?thread_name=ffa432520912040135y55b92f63v356f77c74771f0d5%40mail.gmail.com&forum_name=sqlmap-users" name="merged"> into
|
|
||||||
sqlmap-users <htmlurl name="mailing list" url="http://sqlmap.sourceforge.net/#ml">.
|
|
||||||
|
|
||||||
<item><bf>November 20</bf>, Bernardo and Guido present again their
|
|
||||||
research on stealth database server takeover at CONfidence 2009 in Warsaw,
|
|
||||||
Poland.
|
|
||||||
|
|
||||||
<item><bf>September 26</bf>, sqlmap version <bf>0.8 release candidate
|
|
||||||
1</bf> goes public on the <htmlurl name="Subversion repository"
|
|
||||||
url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">, with all the attack
|
|
||||||
vectors unveiled at SOURCE Barcelona 2009 Conference. These include an
|
|
||||||
enhanced version of the Microsoft SQL Server buffer overflow exploit to
|
|
||||||
automatically bypass DEP memory protection, support to establish the
|
|
||||||
out-of-band connection with the database server by executing in-memory
|
|
||||||
the Metasploit shellcode via UDF <em>sys_bineval()</em> (anti-forensics
|
|
||||||
technique), support to access the Windows registry hives and support to
|
|
||||||
inject custom user-defined functions.
|
|
||||||
|
|
||||||
<item><bf>September 21</bf>, Bernardo and <htmlurl name="Guido Landi"
|
|
||||||
url="http://www.pornosecurity.org"> <htmlurl name="present"
|
|
||||||
url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule"> their research (<htmlurl name="slides"
|
|
||||||
url="http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database">) at SOURCE Conference 2009 in Barcelona, Spain.
|
|
||||||
|
|
||||||
<item><bf>August</bf>, Bernardo is accepted as a speaker to two others IT
|
|
||||||
security conferences, <htmlurl url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009" name="SOURCE Barcelona 2009"> and <htmlurl url="http://200902.confidence.org.pl/"
|
|
||||||
name="CONfidence 2009 Warsaw">.
|
|
||||||
This new research is titled <em>Expanding the control over the operating
|
|
||||||
system from the database</em>.
|
|
||||||
|
|
||||||
<item><bf>July 25</bf>, stable version of sqlmap <bf>0.7</bf> is out!
|
|
||||||
|
|
||||||
<item><bf>June 2</bf>, sqlmap version <bf>0.6.4</bf> has made it way to
|
|
||||||
the official Ubuntu repository too.
|
|
||||||
|
|
||||||
<item><bf>May</bf>, Bernardo presents again his research on operating
|
|
||||||
system takeover via SQL injection at <htmlurl
|
|
||||||
url="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland"
|
|
||||||
name="OWASP AppSec Europe 2009"> in Warsaw, Poland and at <htmlurl
|
|
||||||
url="http://eusecwest.com/" name="EUSecWest 2009"> in London, UK.
|
|
||||||
|
|
||||||
<item><bf>May 8</bf>, sqlmap version <bf>0.6.4</bf> has been officially
|
|
||||||
accepted in Debian repository. Details on <htmlurl
url="http://bernardodamele.blogspot.com/2009/05/sqlmap-in-debian-package-repository.html"
name="this blog post">.
<item><bf>April 22</bf>, sqlmap version <bf>0.7 release candidate 1</bf>
goes public, with all the attack vectors unveiled at Black Hat Europe 2009
Conference.
These include execution of arbitrary commands on the underlying operating
system, full integration with Metasploit to establish an out-of-band
TCP connection, first publicly available exploit for Microsoft Security
Bulletin <htmlurl url="http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx"
name="MS09-004"> against Microsoft SQL Server 2000 and 2005 and others
attacks to takeover the database server as a whole, not only the data from
the database.
<item><bf>April 16</bf>, Bernardo <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele"
name="presents"> his research (<htmlurl url="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides" name="slides">, <htmlurl
url="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf"
name="whitepaper">) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
The feedback from the audience is good and there has been some
<htmlurl url="http://bernardodamele.blogspot.com/2009/03/black-hat-europe-2009.html"
name="media coverage"> too.
<item><bf>March 5</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-not-only-and-11"
name="presents"> for the first time some of the sqlmap recent features and
upcoming enhancements at an international event, <htmlurl
url="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009"
name="Front Range OWASP Conference 2009"> in Denver, USA. The presentation
is titled <em>SQL injection: Not only AND 1=1</em>.
<item><bf>February 24</bf>, Bernardo is accepted as a <htmlurl
url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele"
name="speaker"> at <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html"
name="Black Hat Europe 2009"> with a presentation titled <em>Advanced SQL
injection exploitation to operating system full control</em>.
<item><bf>February 3</bf>, sqlmap <bf>0.6.4</bf> is the last point release
for 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
sqlmap can now be used to execute any arbitrary SQL statement, not only
<em>SELECT</em> anymore. Also, many features have been stabilized, tweaked
and improved in terms of speed in this release.
<item><bf>January 9</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation"
name="presents"> <em>SQL injection exploitation internals</em> at a
private event in London, UK.
</itemize>
<sect>2008
<itemize>
<item><bf>December 18</bf>, sqlmap <bf>0.6.3</bf> is released featuring
support to retrieve targets from Burp and WebScarab proxies log files,
support to test for stacked queries ant time-based blind SQL injection,
rough fingerprint of the web server and web application technologies in
use and more options to customize the HTTP requests and enumerate more
information from the database.
<item><bf>November 2</bf>, sqlmap version <bf>0.6.2</bf> is a "bug fixes"
release only.
<item><bf>October 20</bf>, sqlmap first point release, <bf>0.6.1</bf>, goes
public. This includes minor bug fixes and the first contact between the
tool and <htmlurl url="http://metasploit.com/framework" name="Metasploit">:
an auxiliary module to launch sqlmap from within Metasploit Framework.
The <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/"
name="Subversion development repository"> goes public again.
<item><bf>September 1</bf>, nearly one year after the previous release,
sqlmap <bf>0.6</bf> comes to life featuring a complete code
refactoring, support to execute arbitrary SQL <em>SELECT</em> statements,
more options to enumerate and dump specific information are added, brand
new installation packages for Debian, Red Hat, Windows and much more.
<item><bf>August</bf>, two public <htmlurl name="mailing lists"
url="http://sqlmap.sourceforge.net/#ml"> are created on SourceForge.
<item><bf>January</bf>, sqlmap Subversion development repository is moved
away from SourceForge and goes private for a while.
</itemize>
<sect>2007
<itemize>
<item><bf>November 4</bf>, release <bf>0.5</bf> marks the end of the OWASP
Spring of Code 2007 contest participation. Bernardo has <htmlurl
url="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page"
name="accomplished"> all the propsed objects which include initial support
for Oracle, enhanced support for UNION query SQL injection and support to
test and exploit injections on HTTP Cookie and User-Agent headers.
<item><bf>June 15</bf>, Bernardo releases version <bf>0.4</bf> as a
result of the first OWASP Spring of Code 2007 milestone. This release
features, amongst others, improvements to the DBMS fingerprint engine,
support to calculate the estimated time of arrival, options to enumerate
specific data from the database server and brand new logging system.
<item><bf>April</bf>, even though sqlmap was <bf>not</bf> and is <bf>not</bf>
an OWASP project, it gets <htmlurl url="http://www.owasp.org/index.php/SpoC_007_-_SqlMap"
name="accepted">, amongst many other open source projects to OWASP Spring
of Code 2007.
<item><bf>March 30</bf>, Bernardo applies to OWASP <htmlurl
url="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap"
name="Spring of Code 2007">.
<item><bf>January 20</bf>, sqlmap version <bf>0.3</bf> is released,
featuring initial support for Microsoft SQL Server, support to test
and exploit UNION query SQL injections and injection points in POST
parameters.
</itemize>
<sect>2006
<itemize>
<item><bf>December 13</bf>, Bernardo releases version <bf>0.2</bf> with
major enhancements to the DBMS fingerprint functionalities and replacement
of the old inference algorithm with the bisection algorithm.
<item><bf>September</bf>, Daniele leaves the project, <htmlurl
url="http://bernardodamele.blogspot.com" name="Bernardo Damele A. G.">
takes it over.
<item><bf>August</bf>, Daniele adds initial support for PostgreSQL and releases
version <bf>0.1</bf>.
<item><bf>July 25</bf>, <htmlurl url="http://dbellucci.blogspot.com" name="Daniele Bellucci">
registers the sqlmap project on SourceForge and develops it on the
<htmlurl url="http://sqlmap.svn.sourceforge.net/viewvc/sqlmap/"
name="SourceForge Subversion repository">. The skeleton is implemented and
limited support for MySQL added.
</itemize>
</article>
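Review bot: several wording errors in the history entries should be corrected wherever this text ends up. In the December 18, 2008 entry, "stacked queries ant time-based blind SQL injection" should read "and". In the November 4, 2007 entry, "all the propsed objects" should read "proposed objectives". In the 2009 entries, "has made it way to" should be "its way", "two others IT security conferences" should be "two other", and "others attacks to takeover the database server" should be "other attacks to take over". The year headings here are top-level sect elements closed by the article end tag, so if these entries are being placed under a History section of the manual, the headings need to move down a level to nest beneath it.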