sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

layout improvements

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-20 13:19:34 +01:00
parent 8d1dd400da
commit 7f4d412f37
1 changed files with 293 additions and 553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

846
doc/CHANGELOG.md
View File

@ -1,597 +1,337 @@
sqlmap (1.0-1) stable; urgency=low # sqlmap (1.0-1) stable; urgency=low
* Implemented support for automatic decoding of page content through detected * Implemented support for automatic decoding of page content through detected charset (Miroslav)
charset (Miroslav) * Implemented mechanism for proper data dumping on DBMSes not supporting LIMIT/OFFSET like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.) (Miroslav)
* Implemented mechanism for proper data dumping on DBMSes not supporting * Major improvements to program stabilization based on user reports (Miroslav)
LIMIT/OFFSET like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.) * Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms (Miroslav)
(Miroslav) * Added support for setting Tor proxy type together with port (Miroslav)
* Major improvements to program stabilization based on user reports (Miroslav) * Fixed major bug with DNS leaking in Tor mode (Miroslav)
* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms * Added wordlist compilation made of the most popular cracking dictionaries (Miroslav)
(Miroslav) * Added support for mnemonics substantially helping user with program setup (Miroslav)
* Added support for setting Tor proxy type together with port (Miroslav) * Implemented multi-processor hash cracking routine(s) on Linux OS (Miroslav)
* Fixed major bug with DNS leaking in Tor mode (Miroslav) * Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method (Miroslav)
* Added wordlist compilation made of the most popular cracking dictionaries * Old resume files are now deprecated and replaced by faster SQLite based session mechanism (Miroslav)
(Miroslav) * Substantial code optimization and smaller memory footprint (Miroslav)
* Added support for mnemonics substantially helping user with program setup * Added switch -m for scanning multiple targets enlisted in a given textual file (Miroslav)
(Miroslav) * Added switch --randomize for randomly changing value of a given parameter(s) based on it's original form (Miroslav)
* Implemented multi-processor hash cracking routine(s) on Linux OS (Miroslav) * Added switch --force-ssl for forcing usage of SSL/HTTPS requests (Miroslav)
* Implemented advanced detection techniques for inband and time-based * Added switch --host for manually setting HTTP Host header value (Miroslav)
injections by usage of standard deviation method (Miroslav) * Added switch --eval for evaluating provided Python code (with resulting parameter values) right before the request itself (Miroslav)
* Old resume files are now deprecated and replaced by faster SQLite based * Added switch --skip for skipping tests for given parameter(s) (Miroslav)
session mechanism (Miroslav) * Added switch --titles for comparing pages based only on their titles (Miroslav)
* Substantial code optimization and smaller memory footprint (Miroslav) * Added switch --charset for forcing character encoding used for data retrieval (Miroslav)
* Added switch -m for scanning multiple targets enlisted in a given textual * Added switch --check-tor for checking if Tor is used properly (Miroslav)
file (Miroslav) * Added switch --crawl for multithreaded crawling of a given website starting from the target url (Miroslav)
* Added switch --randomize for randomly changing value of a given * Added switch --csv-del for manually setting delimiting character used in CSV output (Miroslav)
parameter(s) based on it's original form (Miroslav) * Added switch --hex for using DBMS hex conversion function(s) for data retrieval (Miroslav)
* Added switch --force-ssl for forcing usage of SSL/HTTPS requests (Miroslav) * Added switch --smart for conducting through tests only in case of positive heuristic(s) (Miroslav)
* Added switch --host for manually setting HTTP Host header value (Miroslav) * Added switch --check-waf for checking of existence of WAF/IPS/IDS protection (Miroslav)
* Added switch --eval for evaluating provided Python code (with resulting * Added --schema switch to enumerate DBMS schema: shows all columns of all databases' tables (Bernardo)
parameter values) right before the request itself (Miroslav) * Added --count switch to count the number of entries for a specific table or all database(s) tables (Bernardo)
* Added switch --skip for skipping tests for given parameter(s) (Miroslav) * Major improvements to --tables and --columns switches (Bernardo)
* Added switch --titles for comparing pages based only on their titles * Takeover switch --os-pwn improved: stealthier, faster and AV-proof (Bernardo)
(Miroslav) * Added --mobile switch to imitate a mobile device through HTTP User-Agent header (Miroslav)
* Added switch --charset for forcing character encoding used for data
retrieval (Miroslav)
* Added switch --check-tor for checking if Tor is used properly (Miroslav)
* Added switch --crawl for multithreaded crawling of a given website starting
from the target url (Miroslav)
* Added switch --csv-del for manually setting delimiting character used in CSV
output (Miroslav)
* Added switch --hex for using DBMS hex conversion function(s) for data
retrieval (Miroslav)
* Added switch --smart for conducting through tests only in case of positive
heuristic(s) (Miroslav)
* Added switch --check-waf for checking of existence of WAF/IPS/IDS protection
(Miroslav)
* Added --schema switch to enumerate DBMS schema: shows all columns of
all databases' tables (Bernardo)
* Added --count switch to count the number of entries for a specific
table or all database(s) tables (Bernardo)
* Major improvements to --tables and --columns switches (Bernardo)
* Takeover switch --os-pwn improved: stealthier, faster and AV-proof
(Bernardo)
* Added --mobile switch to imitate a mobile device through HTTP
User-Agent header (Miroslav)
-- Bernardo Damele A. G. <bernardo@sqlmap.org> XXX, XX XXX 2011 10:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> XXX, XX XXX 2011 10:00:00 +0000
sqlmap (0.9-1) stable; urgency=low # sqlmap (0.9-1) stable; urgency=low
* Rewritten SQL injection detection engine (Bernardo and Miroslav). * Rewritten SQL injection detection engine (Bernardo and Miroslav).
* Support to directly connect to the database without passing via a * Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
SQL injection, -d switch (Bernardo and Miroslav). * Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
* Added full support for both time-based blind SQL injection and * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
error-based SQL injection techniques (Bernardo and Miroslav). * Implemented support for Firebird (Bernardo and Miroslav).
* Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). * Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
* Implemented support for Firebird (Bernardo and Miroslav). * Extended old '--dump -C' functionality to be able to search for specific database(s), table(s) and column(s), --search switch (Bernardo).
* Implemented support for Microsoft Access, Sybase and SAP MaxDB * Added support to tamper injection data with --tamper switch (Bernardo and Miroslav).
(Miroslav). * Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
* Extended old '--dump -C' functionality to be able to search for * Added support to enumerate roles on Oracle, --roles switch (Bernardo).
specific database(s), table(s) and column(s), --search switch * Added support for SOAP based web services requests (Bernardo).
(Bernardo). * Added support to fetch unicode data (Bernardo and Miroslav).
* Added support to tamper injection data with --tamper switch (Bernardo * Added support to use persistent HTTP(s) connection for speed improvement, --keep-alive switch (Miroslav).
and Miroslav). * Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
* Added automatic recognition of password hashes format and support to * Support to test and inject against HTTP Referer header (Miroslav).
crack them with a dictionary-based attack (Miroslav). * Implemented HTTP(s) proxy authentication support, --proxy-cred switch (Miroslav).
* Added support to enumerate roles on Oracle, --roles switch (Bernardo). * Implemented feature to speedup the enumeration of table names (Miroslav).
* Added support for SOAP based web services requests (Bernardo). * Support for customizable HTTP(s) redirections (Bernardo).
* Added support to fetch unicode data (Bernardo and Miroslav). * Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, --replicate switch (Miroslav).
* Added support to use persistent HTTP(s) connection for speed * Support to parse and test forms on target url, --forms switch (Bernardo and Miroslav).
improvement, --keep-alive switch (Miroslav). * Added switches to brute-force tables names and columns names with a dictionary attack, --common-tables and --common-columns. Useful for instance when system table 'information_schema' is not available on MySQL (Miroslav).
* Implemented several optimization switches to speed up the exploitation * Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav).
of SQL injections (Bernardo and Miroslav). * Added safe URL feature, --safe-url and --safe-freq (Miroslav).
* Support to test and inject against HTTP Referer header (Miroslav). * Added --text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav).
* Implemented HTTP(s) proxy authentication support, --proxy-cred switch * Implemented few other features and switches (Bernardo and Miroslav).
(Miroslav). * Over 100 bugs fixed (Bernardo and Miroslav).
* Implemented feature to speedup the enumeration of table names * Major code refactoring (Bernardo and Miroslav).
(Miroslav). * User's manual updated (Bernardo).
* Support for customizable HTTP(s) redirections (Bernardo).
* Support to replicate the back-end DBMS tables structure and entries
in a local SQLite 3 database, --replicate switch (Miroslav).
* Support to parse and test forms on target url, --forms switch
(Bernardo and Miroslav).
* Added switches to brute-force tables names and columns names with a
dictionary attack, --common-tables and --common-columns. Useful for
instance when system table 'information_schema' is not available on
MySQL (Miroslav).
* Basic support for REST-style URL parameters by using the asterisk (*)
to mark where to test for and exploit SQL injection (Miroslav).
* Added safe URL feature, --safe-url and --safe-freq (Miroslav).
* Added --text-only switch to strip from the HTTP response body the
HTML/JS code and compare pages based only on their textual content
(Miroslav).
* Implemented few other features and switches (Bernardo and Miroslav).
* Over 100 bugs fixed (Bernardo and Miroslav).
* Major code refactoring (Bernardo and Miroslav).
* User's manual updated (Bernardo).
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 10 Apr 2011 21:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 10 Apr 2011 21:00:00 +0000
sqlmap (0.8-1) stable; urgency=low # sqlmap (0.8-1) stable; urgency=low
* Support to enumerate and dump all databases' tables containing user * Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance '--dump -C user,pass'. Useful to identify for instance tables containing custom application credentials (Bernardo).
provided column(s) by specifying for instance '--dump -C user,pass'. * Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo).
Useful to identify for instance tables containing custom application * Support for takeover features on PostgreSQL 8.4 (Bernardo).
credentials (Bernardo). * Enhanced --priv-esc to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo).
* Support to parse -C (column name(s)) when fetching * Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav).
columns of a table with --columns: it will enumerate only columns like * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn useful when web application does not support stacked queries (Bernardo).
the provided one(s) within the specified table (Bernardo). * Added support to properly read (--read-file) also binary files via PostgreSQL by injecting sqlmap new sys_fileread() user-defined function (Bernardo and Miroslav).
* Support for takeover features on PostgreSQL 8.4 (Bernardo). * Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
* Enhanced --priv-esc to rely on new Metasploit Meterpreter's * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
'getsystem' command to elevate privileges of the user running the * Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
back-end DBMS instance to SYSTEM on Windows (Bernardo). * Support to automatically decode deflate, gzip and x-gzip HTTP responses (Miroslav).
* Automatic support in --os-pwn to use the web uploader/backdoor to * Support for Certificate authentication, --auth-cert option added (Miroslav).
upload and execute the Metasploit payload stager when stacked queries * Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), --scope (Miroslav).
SQL injection is not supported, for instance on MySQL/PHP and * Added option (-r) to load a single HTTP request from a text file (Miroslav).
MySQL/ASP, but there is a writable folder within the web server * Added option (--ignore-proxy) to ignore system default HTTP proxy (Miroslav).
document root (Bernardo and Miroslav). * Added support to ignore Set-Cookie in HTTP responses, --drop-set-cookie (Miroslav).
* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn * Added support to specify which Google dork result page to parse, --gpage to be used together with -g (Miroslav).
useful when web application does not support stacked queries (Bernardo). * Major bug fix and enhancements to the multi-threading (--threads) functionality (Miroslav).
* Added support to properly read (--read-file) also binary files via * Fixed URL encoding/decoding of GET/POST parameters and Cookie header (Miroslav).
PostgreSQL by injecting sqlmap new sys_fileread() user-defined * Refactored --update to use python-svn third party library if available or 'svn' command to update sqlmap to the latest development version from subversion repository (Bernardo and Miroslav).
function (Bernardo and Miroslav). * Major bugs fixed (Bernardo and Miroslav).
* Updated active fingerprint and comment injection fingerprint for * Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo and Miroslav).
MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo). * Major code cleanup (Miroslav).
* Updated active fingerprint for PostgreSQL 8.4 (Bernardo). * Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware (Miroslav).
* Support for NTLM authentication via python-ntlm third party library, * Updated user's manual (Bernardo and Miroslav).
http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo). * Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://www.sqlmap.org/demo.html (Bernardo).
* Support to automatically decode deflate, gzip and x-gzip HTTP
responses (Miroslav).
* Support for Certificate authentication, --auth-cert option added
(Miroslav).
* Added support for regular expression based scope when parsing Burp or
Web Scarab proxy log file (-l), --scope (Miroslav).
* Added option (-r) to load a single HTTP request from a text file
(Miroslav).
* Added option (--ignore-proxy) to ignore system default HTTP proxy
(Miroslav).
* Added support to ignore Set-Cookie in HTTP responses,
--drop-set-cookie (Miroslav).
* Added support to specify which Google dork result page to parse,
--gpage to be used together with -g (Miroslav).
* Major bug fix and enhancements to the multi-threading (--threads)
functionality (Miroslav).
* Fixed URL encoding/decoding of GET/POST parameters and Cookie header
(Miroslav).
* Refactored --update to use python-svn third party library if available
or 'svn' command to update sqlmap to the latest development version
from subversion repository (Bernardo and Miroslav).
* Major bugs fixed (Bernardo and Miroslav).
* Cleanup of UDF source code repository,
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
and Miroslav).
* Major code cleanup (Miroslav).
* Added simple file encryption/compression utility, extra/cloak/cloak.py,
used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
shells consequently reducing drastically the number of anti-virus
softwares that mistakenly mark sqlmap as a malware (Miroslav).
* Updated user's manual (Bernardo and Miroslav).
* Created several demo videos, hosted on YouTube
(http://www.youtube.com/user/inquisb) and linked from
http://www.sqlmap.org/demo.html (Bernardo).
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 14 Mar 2010 10:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 14 Mar 2010 10:00:00 +0000
sqlmap (0.8rc1-1) stable; urgency=low # sqlmap (0.8rc1-1) stable; urgency=low
* Major enhancement to the Microsoft SQL Server stored procedure * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection.
heap-based buffer overflow exploit (--os-bof) to automatically bypass * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable.
DEP memory protection. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode * Added options for MySQL and PostgreSQL to inject custom user-defined functions.
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output.
option instead of uploading the standalone payload stager executable. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system.
read/add/delete Windows registry keys. * Minor bugs fixed.
* Added options for MySQL and PostgreSQL to inject custom user-defined * Major code refactoring.
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Mon, 21 Sep 2009 15:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Mon, 21 Sep 2009 15:00:00 +0000
sqlmap (0.7-1) stable; urgency=low # sqlmap (0.7-1) stable; urgency=low
* Adapted Metasploit wrapping functions to work with latest 3.3 * Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
development version too. * Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
* Adjusted code to make sqlmap 0.7 to work again on Mac OSX too. * Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too.
* Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or * Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
--os-bof is selected) when running under Windows because msfconsole * HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.
and msfcli are not supported on the native Windows Ruby interpreter. * Major bug fix to sql-query/sql-shell features.
This make sqlmap 0.7 to work again on Windows too. * Major bug fix in --read-file option.
* Minor improvement so that sqlmap tests also all parameters with no * Major silent bug fix to multi-threading functionality.
value (eg. par=). * Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and --os-shell is provided.
* HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and * Fixed MySQL 'comment injection' version fingerprint.
2.6+. * Fixed basic Microsoft SQL Server 2000 fingerprint.
* Major bug fix to sql-query/sql-shell features. * Many minor bug fixes and code refactoring.
* Major bug fix in --read-file option.
* Major silent bug fix to multi-threading functionality.
* Fixed the web backdoor functionality (for MySQL) when (usually) stacked
queries are not supported and --os-shell is provided.
* Fixed MySQL 'comment injection' version fingerprint.
* Fixed basic Microsoft SQL Server 2000 fingerprint.
* Many minor bug fixes and code refactoring.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Sat, 25 Jul 2009 10:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Sat, 25 Jul 2009 10:00:00 +0000
sqlmap (0.7rc1-1) stable; urgency=low # sqlmap (0.7rc1-1) stable; urgency=low
* Added support to execute arbitrary commands on the database server * Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server;
underlying operating system either returning the standard output or not * Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored * Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
procedure on Microsoft SQL Server; * Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;
* Added support for out-of-band connection between the attacker box and * Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;
the database server underlying operating system via stand-alone payload * Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable;
stager created by Metasploit and supporting Meterpreter, shell and VNC * Speed up the inference algorithm by providing the minimum required charset for the query output;
payloads for both Windows and Linux; * Major bug fix in the comparison algorithm to correctly handle also the case that the url is stable and the False response changes the page content very little;
* Added support for out-of-band connection via Microsoft SQL Server 2000 * Many minor bug fixes, minor enhancements and layout adjustments.
and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer
overflow (MS09-004) exploitation with multi-stage Metasploit payload
support;
* Added support for out-of-band connection via SMB reflection attack with
UNC path request from the database server to the attacker box by using
the Metasploit smb_relay exploit;
* Added support to read and write (upload) both text and binary files on
the database server underlying file system for MySQL, PostgreSQL and
Microsoft SQL Server;
* Added database process' user privilege escalation via Windows Access
Tokens kidnapping on MySQL and Microsoft SQL Server via either
Meterpreter's incognito extension or Churrasco stand-alone executable;
* Speed up the inference algorithm by providing the minimum required
charset for the query output;
* Major bug fix in the comparison algorithm to correctly handle also the
case that the url is stable and the False response changes the page
content very little;
* Many minor bug fixes, minor enhancements and layout adjustments.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Wed, 22 Apr 2009 10:30:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Wed, 22 Apr 2009 10:30:00 +0000
sqlmap (0.6.4-1) stable; urgency=low # sqlmap (0.6.4-1) stable; urgency=low
* Major enhancement to make the comparison algorithm work properly also * Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object;
on url not stables automatically by using the difflib Sequence Matcher * Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology;
object; * Major speed increase in DBMS basic fingerprint;
* Major enhancement to support SQL data definition statements, SQL data * Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator;
manipulation statements, etc from user in SQL query and SQL shell if * Minor enhancement to support an option (--union-tech) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing;
stacked queries are supported by the web application technology; * Added internal support to forge CASE statements, used only by --is-dba query at the moment;
* Major speed increase in DBMS basic fingerprint; * Minor layout adjustment to the --update output;
* Minor enhancement to support an option (--is-dba) to show if the * Increased default timeout to 30 seconds;
current user is a database management system administrator; * Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle;
* Minor enhancement to support an option (--union-tech) to specify the * Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable;
technique to use to detect the number of columns used in the web * Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server;
application SELECT statement: NULL bruteforcing (default) or ORDER BY * Minor bug fix to make the --postfix work even if --prefix is not provided;
clause bruteforcing; * Updated documentation.
* Added internal support to forge CASE statements, used only by --is-dba
query at the moment;
* Minor layout adjustment to the --update output;
* Increased default timeout to 30 seconds;
* Major bug fix to correctly handle custom SQL "limited" queries on
Microsoft SQL Server and Oracle;
* Major bug fix to avoid tracebacks when multiple targets are specified
and one of them is not reachable;
* Minor bug fix to make the Partial UNION query SQL injection technique
work properly also on Oracle and Microsoft SQL Server;
* Minor bug fix to make the --postfix work even if --prefix is not
provided;
* Updated documentation.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Tue, 3 Feb 2009 23:30:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Tue, 3 Feb 2009 23:30:00 +0000
sqlmap (0.6.3-1) stable; urgency=low # sqlmap (0.6.3-1) stable; urgency=low
* Major enhancement to get list of targets to test from Burp proxy * Major enhancement to get list of targets to test from Burp proxy (http://portswigger.net/suite/) requests log file path or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) 'conversations/' folder path by providing option -l <filepath>;
(http://portswigger.net/suite/) requests log file path or WebScarab * Major enhancement to support Partial UNION query SQL injection technique too;
proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) * Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option --stacked-test which will be then used someday also by takeover functionality;
'conversations/' folder path by providing option -l <filepath>; * Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option --time-test;
* Major enhancement to support Partial UNION query SQL injection * Minor enhancement to fingerprint the web server operating system and the web application technology by parsing some HTTP response headers;
technique too; * Minor enhancement to fingerprint the back-end DBMS operating system by parsing the DBMS banner value when -b option is provided;
* Major enhancement to test if the web application technology supports * Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option --timeout #, default is set to 10 seconds and must be 3 or higher;
stacked queries (multiple statements) by providing option * Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option --delay #;
--stacked-test which will be then used someday also by takeover * Minor enhancement to be able to get the injection payload --prefix and --postfix from user;
functionality; * Minor enhancement to be able to enumerate table columns and dump table entries, also when the database name is not provided, by using the current database on MySQL and Microsoft SQL Server, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
* Major enhancement to test if the injectable parameter is affected by * Minor enhancemet to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content;
a time based blind SQL injection technique by providing option * Minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set;
--time-test; * Minor improvement to be able to provide CU (as current user) as user value (-U) when enumerating users privileges or users passwords;
* Minor enhancement to fingerprint the web server operating system and * Minor improvements to sqlmap Debian package files;
the web application technology by parsing some HTTP response headers; * Minor improvement to use Python psyco (http://psyco.sourceforge.net/) library if available to speed up the sqlmap algorithmic operations;
* Minor enhancement to fingerprint the back-end DBMS operating system by * Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url;
parsing the DBMS banner value when -b option is provided; * Major bug fix to correctly enumerate columns on Microsoft SQL Server;
* Minor enhancement to be able to specify the number of seconds before * Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM there is no database name specified;
timeout the connection by providing option --timeout #, default is set * Minor bug fix to correctly dump table entries when the column is provided;
to 10 seconds and must be 3 or higher; * Minor bug fix to correctly handle session.error, session.timeout and httplib.BadStatusLine exceptions in HTTP requests;
* Minor enhancement to be able to specify the number of seconds to wait * Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread;
between each HTTP request by providing option --delay #; * Increased default output level from 0 to 1;
* Minor enhancement to be able to get the injection payload --prefix and * Updated documentation.
--postfix from user;
* Minor enhancement to be able to enumerate table columns and dump table
entries, also when the database name is not provided, by using the
current database on MySQL and Microsoft SQL Server, the 'public'
scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
* Minor enhancemet to support also --regexp, --excl-str and --excl-reg
options rather than only --string when comparing HTTP responses page
content;
* Minor enhancement to be able to specify extra HTTP headers by providing
option --headers. By default Accept, Accept-Language and Accept-Charset
headers are set;
* Minor improvement to be able to provide CU (as current user) as user
value (-U) when enumerating users privileges or users passwords;
* Minor improvements to sqlmap Debian package files;
* Minor improvement to use Python psyco (http://psyco.sourceforge.net/)
library if available to speed up the sqlmap algorithmic operations;
* Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url;
* Major bug fix to correctly enumerate columns on Microsoft SQL Server;
* Major bug fix so that when the user provide a SELECT statement to be
processed with an asterisk as columns, now it also work if in the FROM
there is no database name specified;
* Minor bug fix to correctly dump table entries when the column is
provided;
* Minor bug fix to correctly handle session.error, session.timeout and
httplib.BadStatusLine exceptions in HTTP requests;
* Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread;
* Increased default output level from 0 to 1;
* Updated documentation.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Thu, 18 Dec 2008 10:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Thu, 18 Dec 2008 10:00:00 +0000
sqlmap (0.6.2-1) stable; urgency=low # sqlmap (0.6.2-1) stable; urgency=low
* Major bug fix to correctly dump tables entries when --stop is not * Major bug fix to correctly dump tables entries when --stop is not specified;
specified; * Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0;
* Major bug fix so that the users' privileges enumeration now works * Major bug fix when the request is POST to also send the GET parameters if any have been provided;
properly also on both MySQL < 5.0 and MySQL >= 5.0; * Major bug fix to correctly update sqlmap to the latest stable release with command line --update;
* Major bug fix when the request is POST to also send the GET parameters * Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file;
if any have been provided; * Minor bug fix in MySQL comment injection fingerprint technique;
* Major bug fix to correctly update sqlmap to the latest stable release * Minor improvement to correctly enumerate tables, columns and dump tables entries on Oracle and on PostgreSQL when the database name is not 'public' schema or a system database;
with command line --update; * Minor improvement to be able to dump entries on MySQL < 5.0 when database name, table name and column(s) are provided;
* Major bug fix so that when the expected value of a query (count * Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
variable) is an integer and, for some reasons, its resumed value from * More user-friendly warning messages.
the session file is a string or a binary file, the query is executed
again and its new output saved to the session file;
* Minor bug fix in MySQL comment injection fingerprint technique;
* Minor improvement to correctly enumerate tables, columns and dump
tables entries on Oracle and on PostgreSQL when the database name is
not 'public' schema or a system database;
* Minor improvement to be able to dump entries on MySQL < 5.0 when
database name, table name and column(s) are provided;
* Updated the database management system fingerprint checks to correctly
identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
* More user-friendly warning messages.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 2 Nov 2008 19:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 2 Nov 2008 19:00:00 +0000
sqlmap (0.6.1-1) stable; urgency=low # sqlmap (0.6.1-1) stable; urgency=low
* Major bug fix to blind SQL injection bisection algorithm to handle an * Major bug fix to blind SQL injection bisection algorithm to handle an exception;
exception; * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
* Added a Metasploit Framework 3 auxiliary module to run sqlmap; * Implemented possibility to test for and inject also on LIKE statements;
* Implemented possibility to test for and inject also on LIKE * Implemented --start and --stop options to set the first and the last table entry to dump;
statements; * Added non-interactive/batch-mode (--batch) option to make it easy to wrap sqlmap in Metasploit and any other tool;
* Implemented --start and --stop options to set the first and the last * Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes;
table entry to dump; * Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries' order alphabetically anymore;
* Added non-interactive/batch-mode (--batch) option to make it easy to * Minor bug fix to correctly handle parameters' value with % character.
wrap sqlmap in Metasploit and any other tool;
* Minor enhancement to save also the length of query output in the
session file when retrieving the query output length for ETA or for
resume purposes;
* Changed the order sqlmap dump table entries from column by column to
row by row. Now it also dumps entries as they are stored in the tables,
not forcing the entries' order alphabetically anymore;
* Minor bug fix to correctly handle parameters' value with % character.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Fri, 20 Oct 2008 10:00:00 +0000 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Fri, 20 Oct 2008 10:00:00 +0000
sqlmap (0.6-1) stable; urgency=low # sqlmap (0.6-1) stable; urgency=low
* Complete code refactor and many bugs fixed; * Complete code refactor and many bugs fixed;
* Added multithreading support to set the maximum number of concurrent * Added multithreading support to set the maximum number of concurrent HTTP requests;
HTTP requests; * Implemented SQL shell (--sql-shell) functionality and fixed SQL query (--sql-query, before called -e) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack;
* Implemented SQL shell (--sql-shell) functionality and fixed SQL query * Added an option (--privileges) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator;
(--sql-query, before called -e) to be able to run whatever SELECT * Added support (-c) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (--save) to save command line options on a configuration file;
statement and get its output in both inband and blind SQL injection * Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with --update option;
attack; * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages;
* Added an option (--privileges) to retrieve DBMS users privileges, it * Created sqlmap .exe (Windows) portable executable;
also notifies if the user is a DBMS administrator; * Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times;
* Added support (-c) to read options from configuration file, an example * Improved automatic check for parenthesis when testing and forging SQL query vector;
of valid INI file is sqlmap.conf and support (--save) to save command * Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable;
line options on a configuration file; * Implemented support for HTTPS requests over HTTP(S) proxy;
* Created a function that updates the whole sqlmap to the latest stable * Added a check to handle NULL or not available queries output;
version available by running sqlmap with --update option; * More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks;
* Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) * Improved XML files structure;
installation binary packages; * Implemented the possibility to change the HTTP Referer header;
* Created sqlmap .exe (Windows) portable executable; * Added support to resume from session file also when running with inband SQL injection attack;
* Save a lot of more information to the session file, useful when * Added an option (--os-shell) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root;
resuming injection on the same target to not loose time on identifying * Added a check to assure that the provided string to match (--string) is within the page content;
injection, UNION fields and back-end DBMS twice or more times; * Fixed various queries in XML file;
* Improved automatic check for parenthesis when testing and forging SQL * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it;
query vector; * Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function;
* Now it checks for SQL injection on all GET/POST/Cookie parameters then * Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable;
it lets the user select which parameter to perform the injection on in * Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic;
case that more than one is injectable; * Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires;
* Implemented support for HTTPS requests over HTTP(S) proxy; * Added support to inject also on Set-Cookie parameters;
* Added a check to handle NULL or not available queries output; * Implemented TAB completion and command history on both --sql-shell and --os-shell;
* More entropy (randomStr() and randomInt() functions in * Renamed some command line options;
lib/core/common.py) in inband SQL injection concatenated query and in * Added a conversion library;
AND condition checks; * Added code schema and reminders for future developments;
* Improved XML files structure; * Added Copyright comment and $Id$;
* Implemented the possibility to change the HTTP Referer header; * Updated the command line layout and help messages;
* Added support to resume from session file also when running with * Updated some docstrings;
inband SQL injection attack; * Updated documentation files.
* Added an option (--os-shell) to execute operating system commands if
the back-end DBMS is MySQL, the web server has the PHP engine active
and permits write access on a directory within the document root;
* Added a check to assure that the provided string to match (--string)
is within the page content;
* Fixed various queries in XML file;
* Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted
the library to parse it;
* Fixed password fetching function, mainly for Microsoft SQL Server and
reviewed the password hashes parsing function;
* Major bug fixed to avoid tracebacks when the testable parameter(s) is
dynamic, but not injectable;
* Enhanced logging system: added three more levels of verbosity to show
also HTTP sent and received traffic;
* Enhancement to handle Set-Cookie from target url and automatically
re-establish the Session when it expires;
* Added support to inject also on Set-Cookie parameters;
* Implemented TAB completion and command history on both --sql-shell and
--os-shell;
* Renamed some command line options;
* Added a conversion library;
* Added code schema and reminders for future developments;
* Added Copyright comment and $Id$;
* Updated the command line layout and help messages;
* Updated some docstrings;
* Updated documentation files.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Mon, 1 Sep 2008 10:00:00 +0100 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Mon, 1 Sep 2008 10:00:00 +0100
sqlmap (0.5-1) stable; urgency=low # sqlmap (0.5-1) stable; urgency=low
* Added support for Oracle database management system * Added support for Oracle database management system
* Extended inband SQL injection functionality (--union-use) to all * Extended inband SQL injection functionality (--union-use) to all other possible queries since it only worked with -e and --file on all DMBS plugins;
other possible queries since it only worked with -e and --file on * Added support to extract database users password hash on Microsoft SQL Server;
all DMBS plugins; * Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;
* Added support to extract database users password hash on Microsoft * Added support for SQL injection on HTTP Cookie and User-Agent headers;
SQL Server; * Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind();
* Added a fuzzer function with the aim to parse HTML page looking * Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;
for standard database error messages consequently improving * Implemented --dump-all functionality to dump entire DBMS data from all databases tables;
database fingerprinting; * Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (--exclude-sysdbs);
* Added support for SQL injection on HTTP Cookie and User-Agent headers; * Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default;
* Reviewed HTTP request library (lib/request.py) to support the * Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml;
extended inband SQL injection functionality. Splitted getValue() * Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped;
into getInband() and getBlind(); * Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py;
* Major enhancements in common library and added checkForBrackets() * Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (-g);
method to check if the bracket(s) are needed to perform a UNION query * Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces;
SQL injection attack; * More minor layout enhancements in some libraries;
* Implemented --dump-all functionality to dump entire DBMS data from * Renamed DMBS plugins;
all databases tables; * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
* Added support to exclude DBMS system databases' when enumeration * Updated all documentation files.
tables and dumping their entries (--exclude-sysdbs);
* Implemented in Dump.dbTableValues() method the CSV file dumped data
automatic saving in csv/ folder by default;
* Added DB2, Informix and Sybase DBMS error messages and minor
improvements in xml/errors.xml;
* Major improvement in all three DBMS plugins so now sqlmap does not
get entire databases' tables structure when all of database/table/
column are specified to be dumped;
* Important fixes in lib/option.py to make sqlmap properly work also
with python 2.5 and handle the CSV dump files creation work also
under Windows operating system, function __setCSVDir() and fixed
also in lib/dump.py;
* Minor enhancement in lib/injection.py to randomize the number
requested to test the presence of a SQL injection affected parameter
and implemented the possibilities to break (q) the for cycle when
using the google dork option (-g);
* Minor fix in lib/request.py to properly encode the url to request
in case the "fixed" part of the url has blank spaces;
* More minor layout enhancements in some libraries;
* Renamed DMBS plugins;
* Complete code refactoring, a lot of minor and some major fixes in
libraries, many minor improvements;
* Updated all documentation files.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 4 Nov 2007 20:00:00 +0100 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Sun, 4 Nov 2007 20:00:00 +0100
sqlmap (0.4-1) stable; urgency=low # sqlmap (0.4-1) stable; urgency=low
* Added DBMS fingerprint based also upon HTML error messages parsing * Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS;
defined in lib/parser.py which reads an XML file defining default * Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS;
error messages for each supported DBMS; * Added support for query ETA (Estimated Time of Arrival) real time calculation (--eta);
* Added Microsoft SQL Server extensive DBMS fingerprint checks based * Added support to extract database management system users password hash on MySQL and PostgreSQL (--passwords);
upon accurate '@@version' parsing matching on an XML file to get also * Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <http://www.sqlmap.org/dev/>;
the exact patching level of the DBMS; * Implemented Google dorking feature (-g) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;
* Added support for query ETA (Estimated Time of Arrival) real time * Improved logging functionality: passed from banal 'print' to Python native logging library;
calculation (--eta); * Added support for more than one parameter in '-p' command line option;
* Added support to extract database management system users password * Added support for HTTP Basic and Digest authentication methods (--basic-auth and --digest-auth);
hash on MySQL and PostgreSQL (--passwords); * Added the command line option '--remote-dbms' to manually specify the remote DBMS;
* Added docstrings to all functions, classes and methods, consequently * Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters ('--' and '#') in UNION query statements;
released the sqlmap development documentation * Added the possibility to save the output into a file while performing the queries (-o OUTPUTFILE) so it is possible to stop and resume the same query output retrieving in a second time (--resume);
<http://www.sqlmap.org/dev/>; * Added support to specify the database table column to enumerate (-C COL);
* Implemented Google dorking feature (-g) to take advantage of Google * Added inband SQL injection (UNION query) support (--union-use);
results affected by SQL injection to perform other command line * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
argument on their DBMS; * Reviewed the directory tree structure;
* Improved logging functionality: passed from banal 'print' to Python * Splitted lib/common.py: inband injection functionalities now are moved to lib/union.py;
native logging library; * Updated documentation files.
* Added support for more than one parameter in '-p' command line
option;
* Added support for HTTP Basic and Digest authentication methods
(--basic-auth and --digest-auth);
* Added the command line option '--remote-dbms' to manually specify
the remote DBMS;
* Major improvements in union.UnionCheck() and union.UnionUse()
functions to make it possible to exploit inband SQL injection also
with database comment characters ('--' and '#') in UNION query
statements;
* Added the possibility to save the output into a file while performing
the queries (-o OUTPUTFILE) so it is possible to stop and resume the
same query output retrieving in a second time (--resume);
* Added support to specify the database table column to enumerate
(-C COL);
* Added inband SQL injection (UNION query) support (--union-use);
* Complete code refactoring, a lot of minor and some major fixes in
libraries, many minor improvements;
* Reviewed the directory tree structure;
* Splitted lib/common.py: inband injection functionalities now are
moved to lib/union.py;
* Updated documentation files.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Fri, 15 Jun 2007 20:00:00 +0100 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Fri, 15 Jun 2007 20:00:00 +0100
sqlmap (0.3-1) stable; urgency=low # sqlmap (0.3-1) stable; urgency=low
* Added module for MS SQL Server; * Added module for MS SQL Server;
* Strongly improved MySQL dbms active fingerprint and added MySQL * Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check;
comment injection check; * Added PostgreSQL dbms active fingerprint;
* Added PostgreSQL dbms active fingerprint; * Added support for string match (--string);
* Added support for string match (--string); * Added support for UNION check (--union-check);
* Added support for UNION check (--union-check); * Removed duplicated code, delegated most of features to the engine in common.py and option.py;
* Removed duplicated code, delegated most of features to the engine * Added support for --data command line argument to pass the string for POST requests;
in common.py and option.py; * Added encodeParams() method to encode url parameters before making http request;
* Added support for --data command line argument to pass the string * Many bug fixes;
for POST requests; * Rewritten documentation files;
* Added encodeParams() method to encode url parameters before making * Complete code restyling.
http request;
* Many bug fixes;
* Rewritten documentation files;
* Complete code restyling.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Sat, 20 Jan 2007 20:00:00 +0100 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Sat, 20 Jan 2007 20:00:00 +0100
sqlmap (0.2-1) stable; urgency=low # sqlmap (0.2-1) stable; urgency=low
* complete refactor of entire program; * complete refactor of entire program;
* added TODO and THANKS files; * added TODO and THANKS files;
* added some papers references in README file; * added some papers references in README file;
* moved headers to user-agents.txt, now -f parameter specifies a file * moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header;
(user-agents.txt) and randomize the selection of User-Agent header; * strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions;
* strongly improved program plugins (mysqlmap.py and postgres.py), * replaced old inference algorithm with a new bisection algorithm.
major enhancements: * reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter;
* improved active mysql fingerprint check_dbms(); * improved Common class, adding support for http proxy and http post method in hash_page;
* improved enumeration functions for both databases; * added OptionCheck class in option.py which performs all needed checks on command line parameters and values;
* minor changes in the unescape() functions; * added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters;
* replaced old inference algorithm with a new bisection algorithm. * improved output methods in dump.py;
* reviewed command line parameters, now with -p it's possible to * layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions.
specify the parameter you know it's vulnerable to sql injection,
this way the script won't perform the sql injection checks itself;
removed the TOKEN parameter;
* improved Common class, adding support for http proxy and http post
method in hash_page;
* added OptionCheck class in option.py which performs all needed checks
on command line parameters and values;
* added InjectionCheck class in injection.py which performs check on
url stability, dynamics of parameters and injection on dynamic url
parameters;
* improved output methods in dump.py;
* layout enhancement on main program file (sqlmap.py), adapted to call
new option/injection classes and improvements on catching of
exceptions.
-- Bernardo Damele A. G. <bernardo@sqlmap.org> Wed, 13 Dec 2006 20:00:00 +0100 -- Bernardo Damele A. G. <bernardo@sqlmap.org> Wed, 13 Dec 2006 20:00:00 +0100