From a588b2020b1d2c66483026002627afd1adb9de9f Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Mon, 26 Apr 2010 15:00:53 +0000
Subject: [PATCH] Added history SGML file

---
 doc/history.sgml | 169 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 169 insertions(+)
 create mode 100644 doc/history.sgml

diff --git a/doc/history.sgml b/doc/history.sgml
new file mode 100644
index 000000000..dd2988d0c
--- /dev/null
+++ b/doc/history.sgml
@@ -0,0 +1,169 @@
+<!doctype linuxdoc system>
+
+<article>
+
+<title>sqlmap history
+<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">
+<date>Updated on April 30, 2010
+<abstract>
+Timeline history of <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
+Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage">
+for the latest version.
+</abstract>
+
+<toc>
+
+
+<sect>2010
+
+<itemize>
+<item><bf>...</bf>
+<item><bf>...</bf>
+<item><bf>...</bf>
+<item><bf>...</bf>
+<item><bf>...</bf>
+<item><bf>...</bf>
+</itemize>
+
+
+<sect>2009
+
+<itemize>
+<item><bf>July 25</bf>, stable version of sqlmap <bf>0.7</bf> is out!
+
+<item><bf>May</bf>, Bernardo presents again his research on operating
+system takeover via SQL injection at <htmlurl
+url="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland"
+name="OWASP AppSec Europe 2009"> in Warsaw, Poland and at <htmlurl
+url="http://eusecwest.com/" name="EUSecWest 2009"> in London, UK.
+
+<item><bf>April 22</bf>, sqlmap version <bf>0.7 release candidate 1</bf>
+is published, with all the attack vectors unveiled at Black Hat Conference.
+This include execution of arbitrary commands on the underlying operating
+system, full integration with Metasploit to establish an out-of-band
+TCP connection, first publicly available exploit for MS09-004 and others
+attacks to takeover the database server as a whole, not only the data from
+the database.
+<item><bf>April 16</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides"
+name="presents"> his research (<htmlurl
+url="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf"
+name="whitepaper">) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
+The feedback from the audience is good and there has been some 
+<htmlurl url="http://bernardodamele.blogspot.com/2009/03/black-hat-europe-2009.html"
+name="media coverage"> too.
+
+<item><bf>March 5</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-not-only-and-11"
+name="presents"> for the first time some of the sqlmap recent features and
+upcoming enhancements at an international event, <htmlurl
+url="http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009"
+name="Front Range OWASP Conference 2009"> in Denver, USA. The presentation
+is titled <em>SQL injection: Not only AND 1=1</em>.
+
+<item><bf>February 24</bf>, Bernardo is accepted as a <htmlurl
+url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele"
+name="speaker"> at <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html"
+name="Black Hat Europe 2009"> with a presentation titled <em>Advanced SQL
+injection exploitation to operating system full control</em>.
+
+<item><bf>February 3</bf>, sqlmap <bf>0.6.4</bf> is the last point release
+of 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
+sqlmap can now be used to execute arbitrarly any SQL statement, not only
+SELECTs. Also, many features have been stabilized, tweaked and improved in
+terms of speed in this release.
+
+<item><bf>January 9</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation"
+name="presents"> <em>SQL injection exploitation internals</em> at a
+Corporate event.
+</itemize>
+
+
+<sect>2008
+
+<itemize>
+<item><bf>December 18</bf>, to celebrate Bernardo's first daughter birthday,
+sqlmap <bf>0.6.3</bf> is released featuring support to retrieve targets
+from Burp and WebScarab proxies log files, support to test for stacked
+queries ant time-based blind SQL injection, rough fingerprint of the web
+server and web application technologies in use and more options to
+customize the HTTP requests and enumerate further data from the database.
+
+<item><bf>November 2</bf>, sqlmap version <bf>0.6.2</bf> is a "bug fixes"
+release only.
+
+<item><bf>October 20</bf>, sqlmap first point release, <bf>0.6.1</bf> goes
+public. This includes minor bug fixes and the first contact between the
+tool and <htmlurl url="http://metasploit.com/framework" name="Metasploit">:
+an auxiliary module to launch sqlmap from within Metasploit Framework.
+sqlmap <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/"
+name="subversion development repository"> goes public again.
+
+<item><bf>September 1</bf>, nearly one year after the previous release,
+sqlmap <bf>0.6</bf> comes to life featuring the first major code
+refactoring, support to execute arbitrary SQL SELECT statements, more
+options to enumerate and dump specific information are added, brand new
+installation packages for Debian, Red Hat, Windows and much more.
+
+<item><bf>August</bf>, two public <htmlurl name="mailing lists"
+url="http://sqlmap.sourceforge.net/#ml"> are created on SourceForge.
+
+<item><bf>January</bf>, sqlmap development repository is moved away from
+SourceForge and goes private.
+</itemize>
+
+
+<sect>2007
+
+<itemize>
+<item><bf>December 15</bf>, Bernardo's first daughter is born and will
+keep him quite busy for the next months.
+
+<item><bf>November 4</bf>, release <bf>0.5</bf> marks the end of the Spring
+of Code contest participation. Bernardo has <htmlurl
+url="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page"
+name="accomplished"> all the propsed objects which include initial support
+for Oracle, enhanced support for UNION query SQL injection and support to
+inject on HTTP Cookie and User-Agent headers.
+
+<item><bf>June 15</bf>, Bernardo releases version <bf>0.4</bf> as a
+result of the first Spring of Code milestone. This release features,
+amongst others, improvements to the DBMS fingerprint engine, support to
+calculate the estimated time of arrival, options to enumerate specific
+data from the database server and brand new logging system.
+
+<item><bf>April</bf>, even though sqlmap was <bf>not</bf> and is <bf>not</bf>
+an OWASP project, it gets <htmlurl url="http://www.owasp.org/index.php/SpoC_007_-_SqlMap"
+name="accepted">, amongst many other open source projects to SpoC 2007.
+
+<item><bf>March 30</bf>, Bernardo applies to OWASP <htmlurl
+url="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap"
+name="Spring of Code 2007">.
+
+<item><bf>January 20</bf>, sqlmap version <bf>0.3</bf> is released,
+featuring initial support for Microsoft SQL Server, support to test
+and exploit UNION query SQL injections and injection points in POST
+parameters.
+</itemize>
+
+
+<sect>2006
+
+<itemize>
+<item><bf>December 13</bf>, Bernardo releases version <bf>0.2</bf> with
+major enhancements to the DBMS fingerprint functionalities and replacement
+of the old inference algorithm with the bisection algorithm.
+
+<item><bf>September</bf>, Daniele leaves the project, <htmlurl
+url="http://bernardodamele.blogspot.com" name="Bernardo Damele"> takes it
+over.
+
+<item><bf>August</bf>, Daniele adds initial support for PostgreSQL and releases
+version <bf>0.1</bf>.
+
+<item><bf>July 25</bf>, <htmlurl url="http://dbellucci.blogspot.com" name="Daniele Bellucci">
+registers the sqlmap project on SourceForge and develops it on the
+SourceForge Subversion repository. The skeleton is implemented and limited
+support for MySQL added.
+</itemize>
+
+
+</article>