Merged history into user's manual

This commit is contained in:
Bernardo Damele 2010-05-06 11:09:03 +00:00
parent 44ea8f1861
commit 783c48f6e9
4 changed files with 421 additions and 225 deletions

View File

@ -25,6 +25,7 @@ for the latest version.</EM>
<LI><A NAME="toc1.2">1.2</A> <A HREF="README.html#ss1.2">Scenario</A>
<LI><A NAME="toc1.3">1.3</A> <A HREF="README.html#ss1.3">Techniques</A>
<LI><A NAME="toc1.4">1.4</A> <A HREF="README.html#ss1.4">Demo</A>
<LI><A NAME="toc1.5">1.5</A> <A HREF="README.html#ss1.5">History</A>
</UL>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="README.html#s2">Features</A></H2>
@ -251,6 +252,217 @@ and the session user privileges.</LI>
from
<A HREF="http://sqlmap.sourceforge.net/demo.html">here</A>.</P>
<H2><A NAME="ss1.5">1.5</A> <A HREF="#toc1.5">History</A>
</H2>
<H3>2010</H3>
<P>
<UL>
<LI><B>March 14</B>,
<A HREF="http://sqlmap.sourceforge.net/#author">Bernardo and Miroslav</A> release stable version of
sqlmap <B>0.8</B> featuring many features. Amongst these, support to
enumerate and dump all databases' tables containing user provided
column(s), stabilization and enhancements to the takeover functionalities,
updated integration with Metasploit 3.3.3 and a lot of minor features and
bug fixes.</LI>
<LI><B>January</B>, Bernardo is
<A HREF="http://www.athcon.org/speakers/">invited</A> to present at
<A HREF="http://www.athcon.org">AthCon</A> conference in Greece on June
2010.</LI>
</UL>
</P>
<H3>2009</H3>
<P>
<UL>
<LI><B>December 18</B>, Miroslav Stampar replies to my public call
for developers. He contributes actively in the development of sqlmap from
version <B>0.8 release candidate 2</B>.
</LI>
<LI><B>December 12</B>, Bernardo writes to the mailing list a post
titled
<A HREF="http://bernardodamele.blogspot.com/2009/12/sqlmap-state-of-art-3-years-later.html">sqlmap state of art - 3 years later</A> highlighting the goals
achieved during these first three years of the project and launches a call
for developers.
</LI>
<LI><B>December 4</B>, sqlmap-devel mailing list has been merged
sqlmap-users
<A HREF="http://sqlmap.sourceforge.net/#ml">mailing list</A>.
</LI>
<LI><B>November 20</B>, Bernardo and Guido present again their
research on stealth database server takeover at CONfidence 2009 in Warsaw,
Poland.
</LI>
<LI><B>September 26</B>, sqlmap version <B>0.8 release candidate
1</B> goes public on the
<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">Subversion repository</A>, with all the attack
vectors unveiled at SOURCE Barcelona 2009 Conference. These include an
enhanced version of the Microsoft SQL Server buffer overflow exploit to
automatically bypass DEP memory protection, support to establish the
out-of-band connection with the database server by executing in-memory
the Metasploit shellcode via UDF <EM>sys_bineval()</EM> (anti-forensics
technique), support to access the Windows registry hives and support to
inject custom user-defined functions.
</LI>
<LI><B>September 21</B>, Bernardo and
<A HREF="http://www.pornosecurity.org">Guido Landi</A>
<A HREF="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule">present</A> their research (
<A HREF="http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database">slides</A>) at SOURCE Conference 2009 in Barcelona, Spain.
</LI>
<LI><B>August</B>, Bernardo is accepted as a speaker to two others IT
security conferences,
<A HREF="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009">SOURCE Barcelona 2009</A> and
<A HREF="http://200902.confidence.org.pl/">CONfidence 2009 Warsaw</A>.
This new research is titled <EM>Expanding the control over the operating
system from the database</EM>.
</LI>
<LI><B>July 25</B>, stable version of sqlmap <B>0.7</B> is out!
</LI>
<LI><B>June 2</B>, sqlmap version <B>0.6.4</B> has made it way to
the official Ubuntu repository too.
</LI>
<LI><B>May</B>, Bernardo presents again his research on operating
system takeover via SQL injection at
<A HREF="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland">OWASP AppSec Europe 2009</A> in Warsaw, Poland and at
<A HREF="http://eusecwest.com/">EUSecWest 2009</A> in London, UK.
</LI>
<LI><B>May 8</B>, sqlmap version <B>0.6.4</B> has been officially
accepted in Debian repository. Details on
<A HREF="http://bernardodamele.blogspot.com/2009/05/sqlmap-in-debian-package-repository.html">this blog post</A>.
</LI>
<LI><B>April 22</B>, sqlmap version <B>0.7 release candidate 1</B>
goes public, with all the attack vectors unveiled at Black Hat Europe 2009
Conference.
These include execution of arbitrary commands on the underlying operating
system, full integration with Metasploit to establish an out-of-band
TCP connection, first publicly available exploit for Microsoft Security
Bulletin
<A HREF="http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx">MS09-004</A> against Microsoft SQL Server 2000 and 2005 and others
attacks to takeover the database server as a whole, not only the data from
the database.
</LI>
<LI><B>April 16</B>, Bernardo
<A HREF="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele">presents</A> his research (
<A HREF="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides">slides</A>,
<A HREF="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf">whitepaper</A>) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
The feedback from the audience is good and there has been some
<A HREF="http://bernardodamele.blogspot.com/2009/03/black-hat-europe-2009.html">media coverage</A> too.
</LI>
<LI><B>March 5</B>, Bernardo
<A HREF="http://www.slideshare.net/inquis/sql-injection-not-only-and-11">presents</A> for the first time some of the sqlmap recent features and
upcoming enhancements at an international event,
<A HREF="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009">Front Range OWASP Conference 2009</A> in Denver, USA. The presentation
is titled <EM>SQL injection: Not only AND 1=1</EM>.
</LI>
<LI><B>February 24</B>, Bernardo is accepted as a
<A HREF="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele">speaker</A> at
<A HREF="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html">Black Hat Europe 2009</A> with a presentation titled <EM>Advanced SQL
injection exploitation to operating system full control</EM>.
</LI>
<LI><B>February 3</B>, sqlmap <B>0.6.4</B> is the last point release
for 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
sqlmap can now be used to execute any arbitrary SQL statement, not only
<EM>SELECT</EM> anymore. Also, many features have been stabilized, tweaked
and improved in terms of speed in this release.
</LI>
<LI><B>January 9</B>, Bernardo
<A HREF="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation">presents</A> <EM>SQL injection exploitation internals</EM> at a
private event in London, UK.</LI>
</UL>
</P>
<H3>2008</H3>
<P>
<UL>
<LI><B>December 18</B>, sqlmap <B>0.6.3</B> is released featuring
support to retrieve targets from Burp and WebScarab proxies log files,
support to test for stacked queries ant time-based blind SQL injection,
rough fingerprint of the web server and web application technologies in
use and more options to customize the HTTP requests and enumerate more
information from the database.
</LI>
<LI><B>November 2</B>, sqlmap version <B>0.6.2</B> is a "bug fixes"
release only.
</LI>
<LI><B>October 20</B>, sqlmap first point release, <B>0.6.1</B>, goes
public. This includes minor bug fixes and the first contact between the
tool and
<A HREF="http://metasploit.com/framework">Metasploit</A>:
an auxiliary module to launch sqlmap from within Metasploit Framework.
The
<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">Subversion development repository</A> goes public again.
</LI>
<LI><B>September 1</B>, nearly one year after the previous release,
sqlmap <B>0.6</B> comes to life featuring a complete code
refactoring, support to execute arbitrary SQL <EM>SELECT</EM> statements,
more options to enumerate and dump specific information are added, brand
new installation packages for Debian, Red Hat, Windows and much more.
</LI>
<LI><B>August</B>, two public
<A HREF="http://sqlmap.sourceforge.net/#ml">mailing lists</A> are created on SourceForge.
</LI>
<LI><B>January</B>, sqlmap Subversion development repository is moved
away from SourceForge and goes private for a while.</LI>
</UL>
</P>
<H3>2007</H3>
<P>
<UL>
<LI><B>November 4</B>, release <B>0.5</B> marks the end of the OWASP
Spring of Code 2007 contest participation. Bernardo has
<A HREF="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page">accomplished</A> all the propsed objects which include initial support
for Oracle, enhanced support for UNION query SQL injection and support to
test and exploit injections on HTTP Cookie and User-Agent headers.
</LI>
<LI><B>June 15</B>, Bernardo releases version <B>0.4</B> as a
result of the first OWASP Spring of Code 2007 milestone. This release
features, amongst others, improvements to the DBMS fingerprint engine,
support to calculate the estimated time of arrival, options to enumerate
specific data from the database server and brand new logging system.
</LI>
<LI><B>April</B>, even though sqlmap was <B>not</B> and is <B>not</B>
an OWASP project, it gets
<A HREF="http://www.owasp.org/index.php/SpoC_007_-_SqlMap">accepted</A>, amongst many other open source projects to OWASP Spring
of Code 2007.
</LI>
<LI><B>March 30</B>, Bernardo applies to OWASP
<A HREF="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap">Spring of Code 2007</A>.
</LI>
<LI><B>January 20</B>, sqlmap version <B>0.3</B> is released,
featuring initial support for Microsoft SQL Server, support to test
and exploit UNION query SQL injections and injection points in POST
parameters.</LI>
</UL>
</P>
<H3>2006</H3>
<P>
<UL>
<LI><B>December 13</B>, Bernardo releases version <B>0.2</B> with
major enhancements to the DBMS fingerprint functionalities and replacement
of the old inference algorithm with the bisection algorithm.
</LI>
<LI><B>September</B>, Daniele leaves the project,
<A HREF="http://bernardodamele.blogspot.com">Bernardo Damele A. G.</A>
takes it over.
</LI>
<LI><B>August</B>, Daniele adds initial support for PostgreSQL and releases
version <B>0.1</B>.
</LI>
<LI><B>July 25</B>,
<A HREF="http://dbellucci.blogspot.com">Daniele Bellucci</A>
registers the sqlmap project on SourceForge and develops it on the
<A HREF="http://sqlmap.svn.sourceforge.net/viewvc/sqlmap/">SourceForge Subversion repository</A>. The skeleton is implemented and
limited support for MySQL added.</LI>
</UL>
</P>
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Features</A></H2>

Binary file not shown.

View File

@ -201,6 +201,215 @@ url="http://www.youtube.com/user/inquisb#g/u" name="YouTube"> and linked
from <htmlurl url="http://sqlmap.sourceforge.net/demo.html"
name="here">.
<sect1>History
<sect2>2010
<p>
<itemize>
<item><bf>March 14</bf>, <htmlurl name="Bernardo and Miroslav"
url="http://sqlmap.sourceforge.net/#author"> release stable version of
sqlmap <bf>0.8</bf> featuring many features. Amongst these, support to
enumerate and dump all databases' tables containing user provided
column(s), stabilization and enhancements to the takeover functionalities,
updated integration with Metasploit 3.3.3 and a lot of minor features and
bug fixes.
<item><bf>January</bf>, Bernardo is <htmlurl name="invited"
url="http://www.athcon.org/speakers/"> to present at <htmlurl
name="AthCon" url="http://www.athcon.org"> conference in Greece on June
2010.
</itemize>
<sect2>2009
<p>
<itemize>
<item><bf>December 18</bf>, Miroslav Stampar replies to my public call
for developers. He contributes actively in the development of sqlmap from
version <bf>0.8 release candidate 2</bf>.
<item><bf>December 12</bf>, Bernardo writes to the mailing list a post
titled <htmlurl url="http://bernardodamele.blogspot.com/2009/12/sqlmap-state-of-art-3-years-later.html"
name="sqlmap state of art - 3 years later"> highlighting the goals
achieved during these first three years of the project and launches a call
for developers.
<item><bf>December 4</bf>, sqlmap-devel mailing list has been merged
sqlmap-users <htmlurl name="mailing list" url="http://sqlmap.sourceforge.net/#ml">.
<item><bf>November 20</bf>, Bernardo and Guido present again their
research on stealth database server takeover at CONfidence 2009 in Warsaw,
Poland.
<item><bf>September 26</bf>, sqlmap version <bf>0.8 release candidate
1</bf> goes public on the <htmlurl name="Subversion repository"
url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">, with all the attack
vectors unveiled at SOURCE Barcelona 2009 Conference. These include an
enhanced version of the Microsoft SQL Server buffer overflow exploit to
automatically bypass DEP memory protection, support to establish the
out-of-band connection with the database server by executing in-memory
the Metasploit shellcode via UDF <em>sys_bineval()</em> (anti-forensics
technique), support to access the Windows registry hives and support to
inject custom user-defined functions.
<item><bf>September 21</bf>, Bernardo and <htmlurl name="Guido Landi"
url="http://www.pornosecurity.org"> <htmlurl name="present"
url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule"> their research (<htmlurl name="slides"
url="http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database">) at SOURCE Conference 2009 in Barcelona, Spain.
<item><bf>August</bf>, Bernardo is accepted as a speaker to two others IT
security conferences, <htmlurl url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009" name="SOURCE Barcelona 2009"> and <htmlurl url="http://200902.confidence.org.pl/"
name="CONfidence 2009 Warsaw">.
This new research is titled <em>Expanding the control over the operating
system from the database</em>.
<item><bf>July 25</bf>, stable version of sqlmap <bf>0.7</bf> is out!
<item><bf>June 2</bf>, sqlmap version <bf>0.6.4</bf> has made it way to
the official Ubuntu repository too.
<item><bf>May</bf>, Bernardo presents again his research on operating
system takeover via SQL injection at <htmlurl
url="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland"
name="OWASP AppSec Europe 2009"> in Warsaw, Poland and at <htmlurl
url="http://eusecwest.com/" name="EUSecWest 2009"> in London, UK.
<item><bf>May 8</bf>, sqlmap version <bf>0.6.4</bf> has been officially
accepted in Debian repository. Details on <htmlurl
url="http://bernardodamele.blogspot.com/2009/05/sqlmap-in-debian-package-repository.html"
name="this blog post">.
<item><bf>April 22</bf>, sqlmap version <bf>0.7 release candidate 1</bf>
goes public, with all the attack vectors unveiled at Black Hat Europe 2009
Conference.
These include execution of arbitrary commands on the underlying operating
system, full integration with Metasploit to establish an out-of-band
TCP connection, first publicly available exploit for Microsoft Security
Bulletin <htmlurl url="http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx"
name="MS09-004"> against Microsoft SQL Server 2000 and 2005 and others
attacks to takeover the database server as a whole, not only the data from
the database.
<item><bf>April 16</bf>, Bernardo <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele"
name="presents"> his research (<htmlurl url="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides" name="slides">, <htmlurl
url="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf"
name="whitepaper">) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
The feedback from the audience is good and there has been some
<htmlurl url="http://bernardodamele.blogspot.com/2009/03/black-hat-europe-2009.html"
name="media coverage"> too.
<item><bf>March 5</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-not-only-and-11"
name="presents"> for the first time some of the sqlmap recent features and
upcoming enhancements at an international event, <htmlurl
url="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009"
name="Front Range OWASP Conference 2009"> in Denver, USA. The presentation
is titled <em>SQL injection: Not only AND 1=1</em>.
<item><bf>February 24</bf>, Bernardo is accepted as a <htmlurl
url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele"
name="speaker"> at <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html"
name="Black Hat Europe 2009"> with a presentation titled <em>Advanced SQL
injection exploitation to operating system full control</em>.
<item><bf>February 3</bf>, sqlmap <bf>0.6.4</bf> is the last point release
for 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
sqlmap can now be used to execute any arbitrary SQL statement, not only
<em>SELECT</em> anymore. Also, many features have been stabilized, tweaked
and improved in terms of speed in this release.
<item><bf>January 9</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation"
name="presents"> <em>SQL injection exploitation internals</em> at a
private event in London, UK.
</itemize>
<sect2>2008
<p>
<itemize>
<item><bf>December 18</bf>, sqlmap <bf>0.6.3</bf> is released featuring
support to retrieve targets from Burp and WebScarab proxies log files,
support to test for stacked queries ant time-based blind SQL injection,
rough fingerprint of the web server and web application technologies in
use and more options to customize the HTTP requests and enumerate more
information from the database.
<item><bf>November 2</bf>, sqlmap version <bf>0.6.2</bf> is a "bug fixes"
release only.
<item><bf>October 20</bf>, sqlmap first point release, <bf>0.6.1</bf>, goes
public. This includes minor bug fixes and the first contact between the
tool and <htmlurl url="http://metasploit.com/framework" name="Metasploit">:
an auxiliary module to launch sqlmap from within Metasploit Framework.
The <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/"
name="Subversion development repository"> goes public again.
<item><bf>September 1</bf>, nearly one year after the previous release,
sqlmap <bf>0.6</bf> comes to life featuring a complete code
refactoring, support to execute arbitrary SQL <em>SELECT</em> statements,
more options to enumerate and dump specific information are added, brand
new installation packages for Debian, Red Hat, Windows and much more.
<item><bf>August</bf>, two public <htmlurl name="mailing lists"
url="http://sqlmap.sourceforge.net/#ml"> are created on SourceForge.
<item><bf>January</bf>, sqlmap Subversion development repository is moved
away from SourceForge and goes private for a while.
</itemize>
<sect2>2007
<p>
<itemize>
<item><bf>November 4</bf>, release <bf>0.5</bf> marks the end of the OWASP
Spring of Code 2007 contest participation. Bernardo has <htmlurl
url="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page"
name="accomplished"> all the propsed objects which include initial support
for Oracle, enhanced support for UNION query SQL injection and support to
test and exploit injections on HTTP Cookie and User-Agent headers.
<item><bf>June 15</bf>, Bernardo releases version <bf>0.4</bf> as a
result of the first OWASP Spring of Code 2007 milestone. This release
features, amongst others, improvements to the DBMS fingerprint engine,
support to calculate the estimated time of arrival, options to enumerate
specific data from the database server and brand new logging system.
<item><bf>April</bf>, even though sqlmap was <bf>not</bf> and is <bf>not</bf>
an OWASP project, it gets <htmlurl url="http://www.owasp.org/index.php/SpoC_007_-_SqlMap"
name="accepted">, amongst many other open source projects to OWASP Spring
of Code 2007.
<item><bf>March 30</bf>, Bernardo applies to OWASP <htmlurl
url="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap"
name="Spring of Code 2007">.
<item><bf>January 20</bf>, sqlmap version <bf>0.3</bf> is released,
featuring initial support for Microsoft SQL Server, support to test
and exploit UNION query SQL injections and injection points in POST
parameters.
</itemize>
<sect2>2006
<p>
<itemize>
<item><bf>December 13</bf>, Bernardo releases version <bf>0.2</bf> with
major enhancements to the DBMS fingerprint functionalities and replacement
of the old inference algorithm with the bisection algorithm.
<item><bf>September</bf>, Daniele leaves the project, <htmlurl
url="http://bernardodamele.blogspot.com" name="Bernardo Damele A. G.">
takes it over.
<item><bf>August</bf>, Daniele adds initial support for PostgreSQL and releases
version <bf>0.1</bf>.
<item><bf>July 25</bf>, <htmlurl url="http://dbellucci.blogspot.com" name="Daniele Bellucci">
registers the sqlmap project on SourceForge and develops it on the
<htmlurl url="http://sqlmap.svn.sourceforge.net/viewvc/sqlmap/"
name="SourceForge Subversion repository">. The skeleton is implemented and
limited support for MySQL added.
</itemize>
<sect>Features

View File

@ -1,225 +0,0 @@
<!doctype linuxdoc system>
<article>
<title>sqlmap history
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">
<date>Updated on April 30, 2010
<abstract>
Timeline history of <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage">
for the latest version.
</abstract>
<toc>
<sect>2010
<itemize>
<item><bf>March 14</bf>, <htmlurl name="Bernardo and Miroslav"
url="http://sqlmap.sourceforge.net/#author"> release stable version of
sqlmap <bf>0.8</bf> featuring many features. Amongst these, support to
enumerate and dump all databases' tables containing user provided
column(s), stabilization and enhancements to the takeover functionalities,
updated integration with Metasploit 3.3.3 and a lot of minor features and
bug fixes.
<item><bf>January</bf>, Bernardo is <htmlurl name="invited"
url="http://www.athcon.org/speakers/"> to present at <htmlurl
name="AthCon" url="http://www.athcon.org"> conference in Greece on June
2010.
</itemize>
<sect>2009
<itemize>
<item><bf>December 18</bf>, Miroslav Stampar replies to my public call
for developers. He contributes actively in the development of sqlmap from
version <bf>0.8 release candidate 2</bf>.
<item><bf>December 12</bf>, Bernardo writes to the mailing list a post
titled <htmlurl url="http://sourceforge.net/mailarchive/forum.php?thread_name=ffa432520912150559x7da484d0q5a580512abf4592f%40mail.gmail.com&forum_name=sqlmap-users"
name="sqlmap state of art - 3 years later"> highlighting the goals
achieved during these first three years of the project and launches a call
for developers.
<item><bf>December 4</bf>, sqlmap-devel mailing list has been <htmlurl
url="http://sourceforge.net/mailarchive/forum.php?thread_name=ffa432520912040135y55b92f63v356f77c74771f0d5%40mail.gmail.com&forum_name=sqlmap-users" name="merged"> into
sqlmap-users <htmlurl name="mailing list" url="http://sqlmap.sourceforge.net/#ml">.
<item><bf>November 20</bf>, Bernardo and Guido present again their
research on stealth database server takeover at CONfidence 2009 in Warsaw,
Poland.
<item><bf>September 26</bf>, sqlmap version <bf>0.8 release candidate
1</bf> goes public on the <htmlurl name="Subversion repository"
url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">, with all the attack
vectors unveiled at SOURCE Barcelona 2009 Conference. These include an
enhanced version of the Microsoft SQL Server buffer overflow exploit to
automatically bypass DEP memory protection, support to establish the
out-of-band connection with the database server by executing in-memory
the Metasploit shellcode via UDF <em>sys_bineval()</em> (anti-forensics
technique), support to access the Windows registry hives and support to
inject custom user-defined functions.
<item><bf>September 21</bf>, Bernardo and <htmlurl name="Guido Landi"
url="http://www.pornosecurity.org"> <htmlurl name="present"
url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule"> their research (<htmlurl name="slides"
url="http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database">) at SOURCE Conference 2009 in Barcelona, Spain.
<item><bf>August</bf>, Bernardo is accepted as a speaker to two others IT
security conferences, <htmlurl url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009" name="SOURCE Barcelona 2009"> and <htmlurl url="http://200902.confidence.org.pl/"
name="CONfidence 2009 Warsaw">.
This new research is titled <em>Expanding the control over the operating
system from the database</em>.
<item><bf>July 25</bf>, stable version of sqlmap <bf>0.7</bf> is out!
<item><bf>June 2</bf>, sqlmap version <bf>0.6.4</bf> has made it way to
the official Ubuntu repository too.
<item><bf>May</bf>, Bernardo presents again his research on operating
system takeover via SQL injection at <htmlurl
url="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland"
name="OWASP AppSec Europe 2009"> in Warsaw, Poland and at <htmlurl
url="http://eusecwest.com/" name="EUSecWest 2009"> in London, UK.
<item><bf>May 8</bf>, sqlmap version <bf>0.6.4</bf> has been officially
accepted in Debian repository. Details on <htmlurl
url="http://bernardodamele.blogspot.com/2009/05/sqlmap-in-debian-package-repository.html"
name="this blog post">.
<item><bf>April 22</bf>, sqlmap version <bf>0.7 release candidate 1</bf>
goes public, with all the attack vectors unveiled at Black Hat Europe 2009
Conference.
These include execution of arbitrary commands on the underlying operating
system, full integration with Metasploit to establish an out-of-band
TCP connection, first publicly available exploit for Microsoft Security
Bulletin <htmlurl url="http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx"
name="MS09-004"> against Microsoft SQL Server 2000 and 2005 and others
attacks to takeover the database server as a whole, not only the data from
the database.
<item><bf>April 16</bf>, Bernardo <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele"
name="presents"> his research (<htmlurl url="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides" name="slides">, <htmlurl
url="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf"
name="whitepaper">) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
The feedback from the audience is good and there has been some
<htmlurl url="http://bernardodamele.blogspot.com/2009/03/black-hat-europe-2009.html"
name="media coverage"> too.
<item><bf>March 5</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-not-only-and-11"
name="presents"> for the first time some of the sqlmap recent features and
upcoming enhancements at an international event, <htmlurl
url="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009"
name="Front Range OWASP Conference 2009"> in Denver, USA. The presentation
is titled <em>SQL injection: Not only AND 1=1</em>.
<item><bf>February 24</bf>, Bernardo is accepted as a <htmlurl
url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele"
name="speaker"> at <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html"
name="Black Hat Europe 2009"> with a presentation titled <em>Advanced SQL
injection exploitation to operating system full control</em>.
<item><bf>February 3</bf>, sqlmap <bf>0.6.4</bf> is the last point release
for 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
sqlmap can now be used to execute any arbitrary SQL statement, not only
<em>SELECT</em> anymore. Also, many features have been stabilized, tweaked
and improved in terms of speed in this release.
<item><bf>January 9</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation"
name="presents"> <em>SQL injection exploitation internals</em> at a
private event in London, UK.
</itemize>
<sect>2008
<itemize>
<item><bf>December 18</bf>, sqlmap <bf>0.6.3</bf> is released featuring
support to retrieve targets from Burp and WebScarab proxies log files,
support to test for stacked queries ant time-based blind SQL injection,
rough fingerprint of the web server and web application technologies in
use and more options to customize the HTTP requests and enumerate more
information from the database.
<item><bf>November 2</bf>, sqlmap version <bf>0.6.2</bf> is a "bug fixes"
release only.
<item><bf>October 20</bf>, sqlmap first point release, <bf>0.6.1</bf>, goes
public. This includes minor bug fixes and the first contact between the
tool and <htmlurl url="http://metasploit.com/framework" name="Metasploit">:
an auxiliary module to launch sqlmap from within Metasploit Framework.
The <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/"
name="Subversion development repository"> goes public again.
<item><bf>September 1</bf>, nearly one year after the previous release,
sqlmap <bf>0.6</bf> comes to life featuring a complete code
refactoring, support to execute arbitrary SQL <em>SELECT</em> statements,
more options to enumerate and dump specific information are added, brand
new installation packages for Debian, Red Hat, Windows and much more.
<item><bf>August</bf>, two public <htmlurl name="mailing lists"
url="http://sqlmap.sourceforge.net/#ml"> are created on SourceForge.
<item><bf>January</bf>, sqlmap Subversion development repository is moved
away from SourceForge and goes private for a while.
</itemize>
<sect>2007
<itemize>
<item><bf>November 4</bf>, release <bf>0.5</bf> marks the end of the OWASP
Spring of Code 2007 contest participation. Bernardo has <htmlurl
url="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page"
name="accomplished"> all the propsed objects which include initial support
for Oracle, enhanced support for UNION query SQL injection and support to
test and exploit injections on HTTP Cookie and User-Agent headers.
<item><bf>June 15</bf>, Bernardo releases version <bf>0.4</bf> as a
result of the first OWASP Spring of Code 2007 milestone. This release
features, amongst others, improvements to the DBMS fingerprint engine,
support to calculate the estimated time of arrival, options to enumerate
specific data from the database server and brand new logging system.
<item><bf>April</bf>, even though sqlmap was <bf>not</bf> and is <bf>not</bf>
an OWASP project, it gets <htmlurl url="http://www.owasp.org/index.php/SpoC_007_-_SqlMap"
name="accepted">, amongst many other open source projects to OWASP Spring
of Code 2007.
<item><bf>March 30</bf>, Bernardo applies to OWASP <htmlurl
url="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap"
name="Spring of Code 2007">.
<item><bf>January 20</bf>, sqlmap version <bf>0.3</bf> is released,
featuring initial support for Microsoft SQL Server, support to test
and exploit UNION query SQL injections and injection points in POST
parameters.
</itemize>
<sect>2006
<itemize>
<item><bf>December 13</bf>, Bernardo releases version <bf>0.2</bf> with
major enhancements to the DBMS fingerprint functionalities and replacement
of the old inference algorithm with the bisection algorithm.
<item><bf>September</bf>, Daniele leaves the project, <htmlurl
url="http://bernardodamele.blogspot.com" name="Bernardo Damele A. G.">
takes it over.
<item><bf>August</bf>, Daniele adds initial support for PostgreSQL and releases
version <bf>0.1</bf>.
<item><bf>July 25</bf>, <htmlurl url="http://dbellucci.blogspot.com" name="Daniele Bellucci">
registers the sqlmap project on SourceForge and develops it on the
<htmlurl url="http://sqlmap.svn.sourceforge.net/viewvc/sqlmap/"
name="SourceForge Subversion repository">. The skeleton is implemented and
limited support for MySQL added.
</itemize>
</article>