sqlmap (0.6.1-1) stable; urgency=low * Major bug fix to blind SQL injection bisection algorithm to handle an exception; * Written a Metasploit 3 auxiliary module to run sqlmap; * Implemented possibility to test for and inject also on LIKE statements; * Implemented --start and --stop options to set the first and the last table entry to dump; * Added non-interactive/batch-mode (--batch) option to make it easy to wrap sqlmap in Metasploit and any other tool; * Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes. TODO: fix for ETA -- Bernardo Damele A. G. Fri, 10 Oct 2008 10:00:00 +0100 sqlmap (0.6-1) stable; urgency=low * Complete code refactor and many bugs fixed; * Added multithreading support to set the maximum number of concurrent HTTP requests; * Implemented SQL shell (--sql-shell) functionality and fixed SQL query (--sql-query, before called -e) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack; * Added an option (--privileges) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator; * Added support (-c) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (--save) to save command line options on a configuration file; * Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with --update option; * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages; * Created sqlmap .exe (Windows) portable executable; * Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times; * Improved automatic check for parenthesis when testing and forging SQL query vector; * Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable; * Implemented support for HTTPS requests over HTTP(S) proxy; * Added a check to handle NULL or not available queries output; * More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks; * Improved XML files structure; * Implemented the possibility to change the HTTP Referer header; * Added support to resume from session file also when running with inband SQL injection attack; * Added an option (--os-shell) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root; * Added a check to assure that the provided string to match (--string) is within the page content; * Fixed various queries in XML file; * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it; * Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function; * Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable; * Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic; * Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires; * Added support to inject also on Set-Cookie parameters; * Implemented TAB completion and command history on both --sql-shell and --os-shell; * Renamed some command line options; * Added a conversion library; * Added code schema and reminders for future developments; * Added Copyright comment and $Id$ svn property to all Python files; * Updated the command line layout and help messages; * Updated some docstrings; * Updated documentation files. -- Bernardo Damele A. G. Mon, 1 Sep 2008 10:00:00 +0100 sqlmap (0.5-1) stable; urgency=low * Added support for Oracle database management system * Extended inband SQL injection functionality (--union-use) to all other possible queries since it only worked with -e and --file on all DMBS plugins; * Added support to extract database users password hash on Microsoft SQL Server; * Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting; * Added support for SQL injection on HTTP Cookie and User-Agent headers; * Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind(); * Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack; * Implemented --dump-all functionality to dump entire DBMS data from all databases tables; * Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (--exclude-sysdbs); * Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default; * Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml; * Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped; * Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py; * Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (-g); * Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces; * More minor layout enhancements in some libraries; * Renamed DMBS plugins; * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements; * Updated all documentation files. -- Bernardo Damele A. G. Sun, 4 Nov 2007 20:00:00 +0100 sqlmap (0.4-1) stable; urgency=low * Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS; * Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS; * Added support for query ETA (Estimated Time of Arrival) real time calculation (--eta); * Added support to extract database management system users password hash on MySQL and PostgreSQL (--passwords); * Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation ; * Implemented Google dorking feature (-g) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS; * Improved logging functionality: passed from banal 'print' to Python native logging library; * Added support for more than one parameter in '-p' command line option; * Added support for HTTP Basic and Digest authentication methods (--basic-auth and --digest-auth); * Added the command line option '--remote-dbms' to manually specify the remote DBMS; * Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters ('--' and '#') in UNION SELECT statements; * Added the possibility to save the output into a file while performing the queries (-o OUTPUTFILE) so it is possible to stop and resume the same query output retrieving in a second time (--resume); * Added support to specify the database table column to enumerate (-C COL); * Added inband SQL injection (UNION SELECT) support (--union-use); * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements; * Reviewed the directory tree structure; * Splitted lib/common.py: inband injection functionalities now are moved to lib/union.py; * Updated documentation files. -- Bernardo Damele A. G. Fri, 15 Jun 2007 20:00:00 +0100 sqlmap (0.3-1) stable; urgency=low * Added module for MS SQL Server; * Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check; * Added PostgreSQL dbms active fingerprint; * Added support for string match (--string); * Added support for UNION check (--union-check); * Removed duplicated code, delegated most of features to the engine in common.py and option.py; * Added support for --data command line argument to pass the string for POST requests; * Added encodeParams() method to encode url parameters before making http request; * Many bug fixes; * Rewritten documentation files; * Complete code restyling. -- Bernardo Damele A. G. Sat, 20 Jan 2007 20:00:00 +0100 sqlmap (0.2-1) stable; urgency=low * complete refactor of entire program; * added TODO and THANKS files; * added some papers references in README file; * moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header; * strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions; * replaced old inference algorithm with a new bisection algorithm. * reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter; * improved Common class, adding support for http proxy and http post method in hash_page; * added OptionCheck class in option.py which performs all needed checks on command line parameters and values; * added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters; * improved output methods in dump.py; * layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions. -- Bernardo Damele A. G. Wed, 13 Dec 2006 20:00:00 +0100