== Individuals == David Alvarez for reporting a bug Chip Andrews for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site Smith Andy for suggesting a feature Otavio Augusto for reporting a minor bug Simon Baker for reporting some bugs Daniele Bellucci for starting sqlmap project and developing it between July and August 2006 Velky Brat for suggesting a minor enhancement to the bisection algorithm Jack Butler for providing me with the sqlmap site favicon Ulisses Castro for reporting a bug Roberto Castrogiovanni for reporting a minor bug Cesar Cerrudo for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf Karl Chen for providing with the multithreading patch for the inference algorithm Y P Chien for reporting a minor bug Pierre Chifflier and Mark Hymers for uploading and accepting the sqlmap Debian package to the official Debian project repository Andreas Constantinides for reporting a minor bug Ulises U. Cune for reporting a bug Alessandro Curio for reporting a minor bug Stefano Di Paola for suggesting good features Mosk Dmitri for reporting a minor bug Dan Guido for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/ Adam Faheem for reporting a few bugs James Fisher for providing me with two very good feature requests for his great tool too brute force directories and files names on web/application servers, Dir Buster, http://tinyurl.com/dirbuster Jim Forster for reporting a bug Rong-En Fan for commiting the sqlmap 0.5 port to the official FreeBSD project repository Giorgio Fedon for suggesting a speed improvement for bisection algorithm for reporting a bug when running against Microsoft SQL Server 2005 Kasper Fons for reporting several bugs Jose Fonseca for his Gprof2Dot utility for converting profiler output to dot graph(s) and for his XDot utility to render nicely dot graph(s), both included in sqlmap tree inside extra folder. These libraries are used for sqlmap development purposes only http://code.google.com/p/jrfonseca/wiki/Gprof2Dot http://code.google.com/p/jrfonseca/wiki/XDot Alan Franzoni for helping me out with Python subprocess library Daniel G. Gamonal for reporting a minor bug Marcos Mateos Garcia for reporting a minor bug Ivan Giacomelli for reporting a bug for suggesting a minor enhancement for reviewing the documentation Oliver Gruskovnjak for reporting a bug for providing me with a minor patch Davide Guerri for suggesting an enhancement David Guimaraes for reporting several bugs Chris Hall for coding the prettyprint.py library Mario Heiderich Christian Matthies Lars H. Strojny for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org Kristian Erik Hermansen for reporting a bug for donating to sqlmap development Jorge Hoya for suggesting a minor enhancement Will Holcomb for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code Daniel Huckmann for reporting a couple of bugs Mounir Idrassi for his compiled version of UPX for Mac OS X Daliev Ilya for reporting a bug Prashant Jadhav for reporting a bug Dirk Jagdmann for reporting a typo in the documentation Luke Jahnke for reporting a bug when running against MySQL < 5.0 David Klein for reporting a minor code improvement Sven Klemm for reporting two minor bugs with PostgreSQL Anant Kochhar for providing me with feedback on the user's manual Alexander Kornbrust for reporting a couple of bugs Krzysztof Kotowicz for reporting a minor bug Nicolas Krassas for reporting a bug Alex Landa for providing a patch adding support for XML output Guido Landi for reporting a couple of bugs for the great technical discussions for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development for presenting with me at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009 Lee Lawson for reporting a minor bug John J. Lee & others for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified Nico Leidecker for providing me with feedback on a few features for reporting a couple of bugs for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip Gabriel Lima for reporting a couple of bugs Mark Lowe for reporting a couple of bugs Truong Duc Luong for reporting a minor bug Pavol Luptak for reporting a bug when injecting on a POST data parameter Michael Majchrowicz for extensively beta-testing sqlmap on various MySQL DBMS for providing really appreciated feedback for suggesting a lot of ideas and features Ferruh Mavituna for providing me with ideas on the implementation of a couple of new features David McNab for his XMLObject module that allows XML files to be operated on like Python objects Enrico Milanese for reporting a bugs when using (-a) a single line User-Agent file for providing me with some ideas for the PHP backdoor Anton Mogilin for reporting a few bugs Anastasios Monachos for providing some useful data Alejo Murillo Moya for reporting a minor bug for suggesting a feature Roberto Nemirovsky for pointing me out some enhancements Markus Oberhumer Laszlo Molnar John F. Reiser for their great tool UPX (Ultimate Packer for eXecutables) included in sqlmap tree as a contrib library and used mainly to pack the Metasploit Framework 3 payload stager portable executable, http://upx.sourceforge.net Simone Onofri for patching the PHP web backdoor to make it work properly also on Windows Shaohua Pan for reporting few bugs for suggesting a feature Antonio Parata for providing me with some ideas for the PHP backdoor Adrian Pastor for donating to sqlmap development Chris Patten for reporting a bug in the blind SQL injection bisection algorithm Adam Pridgen for suggesting some features Ole Rasmussen for reporting a bug for suggesting a feature Alberto Revelli for inspiring me to write sqlmap user's manual in SGML for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net Andres Riancho for beta-testing sqlmap for reporting a bug and suggesting some features for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net Antonio Riva for reporting a bug when running with python 2.5 Ethan Robish for reporting a bug Richard Safran for donating the sqlmap.org domain control Tomoyuki Sakurai for submitting to the FreeBSD project the sqlmap 0.5 port Marek Sarvas for reporting several bugs Philippe A. R. Schaeffer for reporting a minor bug Sven Schluter for providing with a patch for waiting a number of seconds between each HTTP request Uemit Seren for reporting a minor adjustment when running with python 2.6 Brian Shura for reporting a bug Sumit Siddharth for providing me with ideas on the implementation of a couple of features M Simkin for suggesting a feature Konrads Smelkovs for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server Michael D. Stenner for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections Marek Stiefenhofer for reporting a bug Jason Swan for reporting a bug when enumerating columns on Microsoft SQL Server for suggesting a couple of improvements Chilik Tamir for providing a patch for initial support SOAP requests Alessandro Tanasi for extensively beta-testing sqlmap for suggesting many features and reporting some bugs for reviewing the documentation Andres Tarasco for providing me with good feedback Efrain Torres for helping me out to improve the Metasploit Framework 3 sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository for his great Metasploit WMAP Framework Sandro Tosi for helping to create sqlmap Debian package correctly Vitaly Turenko for reporting a bug Augusto Urbieta for reporting a minor bug Bedirhan Urgun for reporting a few bugs for suggesting some features and improvements for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench Kyprianos Vasilopoulos for reporting an unhandled connection exception Carlos Gabriel Vergara for suggesting couple of good features Anthony Zboralski for providing me with detailed feedback for reporting a few minor bugs for donating to sqlmap development Thierry Zoller for reporting a couple of major bugs Brandon E. for reporting a bug Bugtrace for reporting several bugs dragoun dash for reporting a minor bug fufuh for reporting a bug when running on Windows james for reporting a bug m4l1c3 for reporting a minor bug mariano for reporting a bug mitchell for reporting a bug nightman for reporting a bug pacman730 for reporting a bug Phat R. for reporting a minor bug shiftzwei for reporting a couple of bugs Stuffe for reporting a minor bug and a feature request Sylphid for suggesting some features ToR for reporting several bugs for suggesting a feature == Organizations == Black Hat team for the opportunity to present my research on 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation Metasploit LLC for their powerful tool Metasploit Framework 3, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server, http://www.metasploit.com/framework OWASP Board for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007