Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c1010c20d8 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2008-12-30 21:24:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a4d62af2ea 
							
						 
					 
					
						
						
							
							Minor layout adjustments to --union-tech  
						
						
						
					 
					
						2008-12-29 18:48:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9340bf59fb 
							
						 
					 
					
						
						
							
							Updated Microsoft SQL Server signature XML file.  
						
						... 
						
						
						
						Minor layout adjustments to --update output messages/diff 
						
					 
					
						2008-12-29 18:46:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c83593c044 
							
						 
					 
					
						
						
							
							Limited custom query now works also on Oracle in inferential blind SQL  
						
						... 
						
						
						
						injection technique 
						
					 
					
						2008-12-23 23:34:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							64bb57d786 
							
						 
					 
					
						
						
							
							Minor bug fix to make the Partial UNION query SQL injection technique  
						
						... 
						
						
						
						work properly also on Oracle and Microsoft SQL Server. 
						
					 
					
						2008-12-22 22:48:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1f7810e46a 
							
						 
					 
					
						
						
							
							Major bug fix to make partial UNION query sql injection work properly  
						
						... 
						
						
						
						also on Microsoft SQL Server 
						
					 
					
						2008-12-22 19:36:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							04c187c66a 
							
						 
					 
					
						
						
							
							Working on a bug (fix for Partial UNION query SQL injection technique  
						
						... 
						
						
						
						both Oracle and Microsoft SQL Server). 
						
					 
					
						2008-12-22 00:51:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f406b3e56 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2008-12-22 00:04:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4ae464c80d 
							
						 
					 
					
						
						
							
							Minor enhancement to support an option (--union-tech) to specify the  
						
						... 
						
						
						
						technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause. 
						
					 
					
						2008-12-21 21:39:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							35708a0b97 
							
						 
					 
					
						
						
							
							Minor adjustment to UNION query SQL injection detection function.  
						
						... 
						
						
						
						Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py. 
						
					 
					
						2008-12-21 16:35:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							996a872e51 
							
						 
					 
					
						
						
							
							We are already on sqlmap 0.6.4 release candidate 1..  
						
						
						
					 
					
						2008-12-20 13:23:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c18efe5084 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2008-12-20 13:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d06975142 
							
						 
					 
					
						
						
							
							Major enhancement to make the comparison algorithm work properly also  
						
						... 
						
						
						
						on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo 
						
					 
					
						2008-12-20 01:54:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e8ac16245 
							
						 
					 
					
						
						
							
							Added preventive check for stacked queries support when executing DDL,  
						
						... 
						
						
						
						DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched). 
						
					 
					
						2008-12-19 20:48:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad228e6947 
							
						 
					 
					
						
						
							
							Ahead with the improvements to the comparison algorithm.  
						
						... 
						
						
						
						Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments. 
						
					 
					
						2008-12-19 20:09:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							68354be45a 
							
						 
					 
					
						
						
							
							Ahead with enhancements on comparison algorithm: implemented content-length technique  
						
						
						
					 
					
						2008-12-18 22:49:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							afbd66f6d9 
							
						 
					 
					
						
						
							
							Added some comments  
						
						
						
					 
					
						2008-12-18 21:58:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0d6632c22 
							
						 
					 
					
						
						
							
							Initial support to automatically work around the dynamic page at each refresh  
						
						... 
						
						
						
						(Major refactor to the comparison algorithm (True/False response)) 
						
					 
					
						2008-12-18 20:48:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3fe493b63d 
							
						 
					 
					
						
						
							
							Minor enhancement to support an option (--is-dba) to show if the  
						
						... 
						
						
						
						current user is a database management system administrator. 
						
					 
					
						2008-12-18 20:41:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c32ef9d751 
							
						 
					 
					
						
						
							
							Major bug fix to avoid tracebacks when multiple targets are specified and one  
						
						... 
						
						
						
						of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided. 
						
					 
					
						2008-12-18 20:38:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6dec56d616 
							
						 
					 
					
						
						
							
							Major bug fix  
						
						
						
					 
					
						2008-12-17 21:35:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dda62ba463 
							
						 
					 
					
						
						
							
							Minor adjustments and bug fixes  
						
						
						
					 
					
						2008-12-17 20:11:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b7f2602b50 
							
						 
					 
					
						
						
							
							A bit more entropy in the sql injection detection  
						
						
						
					 
					
						2008-12-16 23:51:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							05a8c8d3bf 
							
						 
					 
					
						
						
							
							Added support to test for stacked queries support and improved check for time based blind sql injection.  
						
						... 
						
						
						
						Minor bug fix in --save option 
						
					 
					
						2008-12-16 21:30:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bf2a857b9a 
							
						 
					 
					
						
						
							
							Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.  
						
						
						
					 
					
						2008-12-12 19:06:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							072eb7154c 
							
						 
					 
					
						
						
							
							Major enhancement to support Partial UNION query SQL injection technique too.  
						
						... 
						
						
						
						Minor code cleanup. 
						
					 
					
						2008-12-10 17:23:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9dbad512f1 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers  
						
						... 
						
						
						
						by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation. 
						
					 
					
						2008-12-08 21:24:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							38c9627700 
							
						 
					 
					
						
						
							
							Minor enhancemet to support also --regexp, --excl-str and --excl-reg  
						
						... 
						
						
						
						options rather than only --string when comparing HTTP responses page
content 
						
					 
					
						2008-12-05 15:34:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7f055924a7 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4:  
						
						... 
						
						
						
						Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation. 
						
					 
					
						2008-12-04 17:40:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0f07e33e1a 
							
						 
					 
					
						
						
							
							Removed REVISION, makes no sense.  
						
						... 
						
						
						
						Import and use python psyco library to speed up if it's installed: it's optional. 
						
					 
					
						2008-12-03 17:32:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e3ddbe751f 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2008-12-02 23:49:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b700485a1b 
							
						 
					 
					
						
						
							
							Minor adjustment, still to work on the cookie urlencoding/decoding  
						
						
						
					 
					
						2008-12-02 21:57:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							578bcb9140 
							
						 
					 
					
						
						
							
							Initial support for partial UNION query sql injection  
						
						
						
					 
					
						2008-12-02 21:56:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f97585c593 
							
						 
					 
					
						
						
							
							Show also SVN revision in error message when a traceback raises.  
						
						... 
						
						
						
						Fix typo. 
						
					 
					
						2008-12-01 23:49:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a777f1ca35 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2008-12-01 23:27:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							034a3f387a 
							
						 
					 
					
						
						
							
							Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters)  
						
						
						
					 
					
						2008-12-01 23:09:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cf1658532 
							
						 
					 
					
						
						
							
							Increased default output level from 0 to 1  
						
						
						
					 
					
						2008-12-01 23:07:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							428612b431 
							
						 
					 
					
						
						
							
							Comment and layout adjustments  
						
						
						
					 
					
						2008-12-01 23:04:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e967b13378 
							
						 
					 
					
						
						
							
							Minor adjustment to command line usage message  
						
						
						
					 
					
						2008-11-27 23:06:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e548eb2ec 
							
						 
					 
					
						
						
							
							Completed support to get the list of targets from WebScarab/Burp proxies  
						
						... 
						
						
						
						log file and updated the documentation 
						
					 
					
						2008-11-27 22:33:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dc1f2deb74 
							
						 
					 
					
						
						
							
							Minor bug fix to correctly enumerate columns on Microsoft SQL Server.  
						
						... 
						
						
						
						Minor adjustments to XML signatures.
Updated documentation. 
						
					 
					
						2008-11-25 11:33:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f2737ad0a3 
							
						 
					 
					
						
						
							
							Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file).  
						
						... 
						
						
						
						Major bug fix in the controller library. 
						
					 
					
						2008-11-22 01:57:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9be844cf3e 
							
						 
					 
					
						
						
							
							Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.  
						
						
						
					 
					
						2008-11-20 17:56:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							80425c9ccd 
							
						 
					 
					
						
						
							
							Minor adjustment to ETA feature  
						
						
						
					 
					
						2008-11-20 11:13:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8f74fe2ce9 
							
						 
					 
					
						
						
							
							Added new HTTP response headers on which fingerprint web app technology and web server OS.  
						
						... 
						
						
						
						Updated documentation. 
						
					 
					
						2008-11-19 15:33:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							736b2e7323 
							
						 
					 
					
						
						
							
							Minor adjustments to the operating system fingerprint.  
						
						
						
					 
					
						2008-11-19 00:36:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							727664aea7 
							
						 
					 
					
						
						
							
							Minor enhancement to fingerprint the web server operating system and  
						
						... 
						
						
						
						the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog. 
						
					 
					
						2008-11-18 17:42:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d0724843f 
							
						 
					 
					
						
						
							
							Major enhancement to the engine to parse XML files and matches on DBMS banner  
						
						... 
						
						
						
						and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments. 
						
					 
					
						2008-11-17 17:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							66fb3c3033 
							
						 
					 
					
						
						
							
							Minor enhancement to show the DBMS operating system (if fingerprinted)  
						
						... 
						
						
						
						also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing. 
						
					 
					
						2008-11-17 11:22:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d7170fc97 
							
						 
					 
					
						
						
							
							Minor code adjustments  
						
						
						
					 
					
						2008-11-17 00:13:49 +00:00