Merge branch 'master' of github.com:sqlmapproject/sqlmap

This commit is contained in:
Miroslav Stampar 2012-08-30 14:22:35 +02:00
commit f79ed0fb76

View File

@ -1,7 +1,7 @@
# Version 1.0 (upcoming) # Version 1.0 (upcoming)
* Implemented support for automatic decoding of page content through detected charset. * Implemented support for automatic decoding of page content through detected charset.
* Implemented mechanism for proper data dumping on DBMSes not supporting ```LIMIT/OFFSET``` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.). * Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.).
* Major improvements to program stabilization based on user reports. * Major improvements to program stabilization based on user reports.
* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms. * Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms.
* Added support for setting Tor proxy type together with port. * Added support for setting Tor proxy type together with port.
@ -12,22 +12,22 @@
* Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method. * Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method.
* Old resume files are now deprecated and replaced by faster SQLite based session mechanism. * Old resume files are now deprecated and replaced by faster SQLite based session mechanism.
* Substantial code optimization and smaller memory footprint. * Substantial code optimization and smaller memory footprint.
* Added option ```-m``` for scanning multiple targets enlisted in a given textual file. * Added option `-m` for scanning multiple targets enlisted in a given textual file.
* Added option ```--randomize``` for randomly changing value of a given parameter(s) based on it's original form. * Added option `--randomize` for randomly changing value of a given parameter(s) based on it's original form.
* Added switch ```--force-ssl``` for forcing usage of SSL/HTTPS requests. * Added switch `--force-ssl` for forcing usage of SSL/HTTPS requests.
* Added option ```--host``` for manually setting HTTP Host header value. * Added option `--host` for manually setting HTTP Host header value.
* Added option ```--eval``` for evaluating provided Python code (with resulting parameter values) right before the request itself. * Added option `--eval` for evaluating provided Python code (with resulting parameter values) right before the request itself.
* Added option ```--skip``` for skipping tests for given parameter(s). * Added option `--skip` for skipping tests for given parameter(s).
* Added switch ```--titles``` for comparing pages based only on their titles. * Added switch `--titles` for comparing pages based only on their titles.
* Added option ```--charset``` for forcing character encoding used for data retrieval. * Added option `--charset` for forcing character encoding used for data retrieval.
* Added switch ```--check-tor``` for checking if Tor is used properly. * Added switch `--check-tor` for checking if Tor is used properly.
* Added option ```--crawl``` for multithreaded crawling of a given website starting from the target url. * Added option `--crawl` for multithreaded crawling of a given website starting from the target url.
* Added option ```--csv-del``` for manually setting delimiting character used in CSV output. * Added option `--csv-del` for manually setting delimiting character used in CSV output.
* Added switch ```--hex``` for using DBMS hex conversion function(s) for data retrieval. * Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval.
* Added switch ```--smart``` for conducting through tests only in case of positive heuristic(s). * Added switch `--smart` for conducting through tests only in case of positive heuristic(s).
* Added switch ```--check-waf``` for checking of existence of WAF/IPS/IDS protection. * Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection.
* Added switch ```--schema``` to enumerate DBMS schema: shows all columns of all databases' tables. * Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables.
* Added switch ```--count``` to count the number of entries for a specific table or all database(s) tables. * Added switch `--count` to count the number of entries for a specific table or all database(s) tables.
* Major improvements to switches --tables and --columns. * Major improvements to switches --tables and --columns.
* Takeover switch --os-pwn improved: stealthier, faster and AV-proof. * Takeover switch --os-pwn improved: stealthier, faster and AV-proof.
* Added switch --mobile to imitate a mobile device through HTTP User-Agent header. * Added switch --mobile to imitate a mobile device through HTTP User-Agent header.
@ -35,29 +35,29 @@
# Version 0.9 (2011-04-10) # Version 0.9 (2011-04-10)
* Rewritten SQL injection detection engine. * Rewritten SQL injection detection engine.
* Support to directly connect to the database without passing via a SQL injection, option ```-d```. * Support to directly connect to the database without passing via a SQL injection, option `-d`.
* Added full support for both time-based blind SQL injection and error-based SQL injection techniques. * Added full support for both time-based blind SQL injection and error-based SQL injection techniques.
* Implemented support for SQLite 2 and 3. * Implemented support for SQLite 2 and 3.
* Implemented support for Firebird. * Implemented support for Firebird.
* Implemented support for Microsoft Access, Sybase and SAP MaxDB. * Implemented support for Microsoft Access, Sybase and SAP MaxDB.
* Extended old ```--dump -C``` functionality to be able to search for specific database(s), table(s) and column(s), option ```--search```. * Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`.
* Added support to tamper injection data with option ```--tamper```. * Added support to tamper injection data with option `--tamper`.
* Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack. * Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack.
* Added support to enumerate roles on Oracle, --roles switch. * Added support to enumerate roles on Oracle, --roles switch.
* Added support for SOAP based web services requests. * Added support for SOAP based web services requests.
* Added support to fetch unicode data. * Added support to fetch unicode data.
* Added support to use persistent HTTP(s) connection for speed improvement, switch ```--keep-alive```. * Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`.
* Implemented several optimization switches to speed up the exploitation of SQL injections. * Implemented several optimization switches to speed up the exploitation of SQL injections.
* Support to test and inject against HTTP Referer header. * Support to test and inject against HTTP Referer header.
* Implemented HTTP(s) proxy authentication support, option ```--proxy-cred```. * Implemented HTTP(s) proxy authentication support, option `--proxy-cred`.
* Implemented feature to speedup the enumeration of table names. * Implemented feature to speedup the enumeration of table names.
* Support for customizable HTTP(s) redirections. * Support for customizable HTTP(s) redirections.
* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch ```--replicate```. * Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch `--replicate`.
* Support to parse and test forms on target url, switch ```--forms```. * Support to parse and test forms on target url, switch `--forms`.
* Added switches to brute-force tables names and columns names with a dictionary attack, ```--common-tables``` and ```--common-columns```. Useful for instance when system table ```information_schema``` is not available on MySQL. * Added switches to brute-force tables names and columns names with a dictionary attack, `--common-tables` and `--common-columns`. Useful for instance when system table `information_schema` is not available on MySQL.
* Basic support for REST-style URL parameters by using the asterisk (```*```) to mark where to test for and exploit SQL injection. * Basic support for REST-style URL parameters by using the asterisk (`*`) to mark where to test for and exploit SQL injection.
* Added safe URL feature, ```--safe-url``` and ```--safe-freq```. * Added safe URL feature, `--safe-url` and `--safe-freq`.
* Added switch ```--text-only``` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content. * Added switch `--text-only` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content.
* Implemented few other features and switches. * Implemented few other features and switches.
* Over 100 bugs fixed. * Over 100 bugs fixed.
* Major code refactoring. * Major code refactoring.
@ -65,26 +65,26 @@
# Version 0.8 (2010-03-14) # Version 0.8 (2010-03-14)
* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance ```--dump -C user,pass```. Useful to identify for instance tables containing custom application credentials. * Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance `--dump -C user,pass`. Useful to identify for instance tables containing custom application credentials.
* Support to parse ```-C``` (column name(s)) when fetching columns of a table with ```--columns```: it will enumerate only columns like the provided one(s) within the specified table. * Support to parse `-C` (column name(s)) when fetching columns of a table with `--columns`: it will enumerate only columns like the provided one(s) within the specified table.
* Support for takeover features on PostgreSQL 8.4. * Support for takeover features on PostgreSQL 8.4.
* Enhanced ```--priv-esc``` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows. * Enhanced `--priv-esc` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows.
* Automatic support in ```--os-pwn``` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root. * Automatic support in `--os-pwn` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root.
* Fixed web backdoor functionality for ```--os-cmd```, ```--os-shell``` and ```--os-pwn``` useful when web application does not support stacked queries. * Fixed web backdoor functionality for `--os-cmd`, `--os-shell` and `--os-pwn` useful when web application does not support stacked queries.
* Added support to properly read (```--read-file```) also binary files via PostgreSQL by injecting sqlmap new ```sys_fileread()``` user-defined function. * Added support to properly read (`--read-file`) also binary files via PostgreSQL by injecting sqlmap new `sys_fileread()` user-defined function.
* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5. * Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5.
* Updated active fingerprint for PostgreSQL 8.4. * Updated active fingerprint for PostgreSQL 8.4.
* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, ```--auth-type NTLM```. * Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, `--auth-type NTLM`.
* Support to automatically decode ```deflate```, ```gzip``` and ```x-gzip``` HTTP responses. * Support to automatically decode `deflate`, `gzip` and `x-gzip` HTTP responses.
* Support for Certificate authentication, ```--auth-cert``` option added. * Support for Certificate authentication, `--auth-cert` option added.
* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (```-l```), ```--scope```. * Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (`-l`), `--scope`.
* Added option ```-r``` to load a single HTTP request from a text file. * Added option `-r` to load a single HTTP request from a text file.
* Added switch ```--ignore-proxy``` to ignore the system default HTTP proxy. * Added switch `--ignore-proxy` to ignore the system default HTTP proxy.
* Added support to ignore Set-Cookie in HTTP responses, ```--drop-set-cookie```. * Added support to ignore Set-Cookie in HTTP responses, `--drop-set-cookie`.
* Added support to specify which Google dork result page to parse, ```--gpage``` to be used together with ```-g```. * Added support to specify which Google dork result page to parse, `--gpage` to be used together with `-g`.
* Major bug fix and enhancements to the multi-threading (```--threads```) functionality. * Major bug fix and enhancements to the multi-threading (`--threads`) functionality.
* Fixed URL encoding/decoding of GET/POST parameters and Cookie header. * Fixed URL encoding/decoding of GET/POST parameters and Cookie header.
* Refactored ```--update``` to use ```python-svn``` third party library if available or ```svn``` command to update sqlmap to the latest development version from subversion repository. * Refactored `--update` to use `python-svn` third party library if available or `svn` command to update sqlmap to the latest development version from subversion repository.
* Major bugs fixed. * Major bugs fixed.
* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack. * Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack.
* Major code cleanup. * Major code cleanup.