# Individuals Andres Tarasco Acuna, * for suggesting a feature Santiago Accurso, * for reporting a bug Syed Afzal, * for contributing a WAF script varnish.py Zaki Akhmad, * for suggesting a couple of features Olu Akindeinde, * for reporting a couple of bugs David Alvarez, * for reporting a bug Sergio Alves, * for reporting a bug Thomas Anderson, * for reporting a bug Chip Andrews, * for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site Smith Andy, * for suggesting a feature Otavio Augusto, * for reporting a minor bug Simon Baker, * for reporting some bugs Ryan Barnett, * for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html Emiliano Bazaes, * for reporting a minor bug Daniele Bellucci, * for starting sqlmap project and developing it between July and August 2006 Sebastian Bittig, and the rest of the team at r-tec IT Systeme GmbH * for contributing the DB2 support initial patch: fingerprint and enumeration Anthony Boynes, * for reporting several bugs Marcelo Toscani Brandao * for reporting a bug Velky Brat, * for suggesting a minor enhancement to the bisection algorithm James Briggs, * for suggesting a minor enhancement Gianluca Brindisi, * for reporting a couple of bugs Jack Butler, * for contributing the sqlmap site favicon Ulisses Castro, * for reporting a bug Roberto Castrogiovanni, * for reporting a minor bug Cesar Cerrudo, * for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf Karl Chen, * for contributing the initial multi-threading patch for the inference algorithm Y P Chien, * for reporting a minor bug Pierre Chifflier, and Mark Hymers, * for uploading and accepting the sqlmap Debian package to the official Debian project repository Hysia Chow * for contributing a couple of WAF scripts Chris Clements, * for reporting a couple of bugs John Cobb, * for reporting a minor bug Andreas Constantinides, * for reporting a minor bug Andre Costa, * for reporting a minor bug * for suggesting a minor enhancement Ulises U. Cune, * for reporting a bug Alessandro Curio, * for reporting a minor bug Alessio Dalla Piazza, * for reporting a couple of bugs Sherif El-Deeb, * for reporting a minor bug Thomas Etrillard, * for contributing the IBM DB2 error-based payloads (RAISE_ERROR) Stefano Di Paola, * for suggesting good features Mosk Dmitri, * for reporting a minor bug Meng Dong, * for contributing a code for Waffit integration Carey Evans, * for his fcrypt module that allows crypt(3) support on Windows platforms Shawn Evans, * for suggesting an idea for one tamper script, greatest.py Adam Faheem, * for reporting a few bugs James Fisher, * for contributing two very good feature requests * for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster Jim Forster, * for reporting a bug Rong-En Fan, * for committing the sqlmap 0.5 port to the official FreeBSD project repository Giorgio Fedon, * for suggesting a speed improvement for bisection algorithm * for reporting a bug when running against Microsoft SQL Server 2005 Kasper Fons, * for reporting several bugs Alan Franzoni, * for helping out with Python subprocess library Harold Fry, * for suggesting a minor enhancement Daniel G. Gamonal, * for reporting a minor bug Marcos Mateos Garcia, * for reporting a minor bug Andrew Gecse, * for reporting a minor issue Ivan Giacomelli, * for reporting a bug * for suggesting a minor enhancement * for reviewing the documentation Dimitris Giannitsaros, * for contributing a REST-JSON API client Nico Golde, * for reporting a couple of bugs Oliver Gruskovnjak, * for reporting a bug * for contributing a minor patch Davide Guerri, * for suggesting an enhancement Dan Guido, * for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/ David Guimaraes, * for reporting considerable amount of bugs * for suggesting several features Chris Hall, * for coding the prettyprint.py library Tate Hansen, * for donating to sqlmap development Mario Heiderich, Christian Matthies, Lars H. Strojny, * for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, https://github.com/PHPIDS/PHPIDS Kristian Erik Hermansen, * for reporting a bug * for donating to sqlmap development Alexander Hagenah, * for reporting a minor bug Dennis Hecken, * for reporting a minor bug Choi Ho, * for reporting a minor bug Jorge Hoya, * for suggesting a minor enhancement Will Holcomb, * for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code Daniel Huckmann, * for reporting a couple of bugs Daliev Ilya, * for reporting a bug Mehmet İnce, * for contributing a tamper script xforwardedfor.py Jovon Itwaru, * for reporting a minor bug Prashant Jadhav, * for reporting a bug Dirk Jagdmann, * for reporting a typo in the documentation Luke Jahnke, * for reporting a bug when running against MySQL < 5.0 Andrew Kitis * for contributing a tamper script lowercase.py David Klein, * for reporting a minor code improvement Sven Klemm, * for reporting two minor bugs with PostgreSQL Anant Kochhar, * for providing with feedback on the user's manual Dmitriy Kononov, * for reporting a minor bug Alexander Kornbrust, * for reporting a couple of bugs Krzysztof Kotowicz, * for reporting a minor bug Nicolas Krassas, * for reporting a couple of bugs Oliver Kuckertz, * for contributing a minor patch Alex Landa, * for contributing a patch adding beta support for XML output Guido Landi, * for reporting a couple of bugs * for the great technical discussions * for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development * for presenting with Bernardo at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009 Lee Lawson, * for reporting a minor bug John J. Lee, and others * for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified Nico Leidecker, * for providing with feedback on a few features * for reporting a couple of bugs * for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip Gabriel Lima, * for reporting a couple of bugs Svyatoslav Lisin, * for suggesting a minor feature Miguel Lopes, * for reporting a minor bug Truong Duc Luong, * for reporting a minor bug Pavol Luptak, * for reporting a bug when injecting on a POST data parameter Till Maas, * for suggesting a minor feature Michael Majchrowicz, * for extensively beta-testing sqlmap on various MySQL DBMS * for providing really appreciated feedback * for suggesting a lot of ideas and features Vinícius Henrique Marangoni, * for contributing a Portuguese translation of README.md Francesco Marano, * for contributing the Microsoft SQL Server/Sybase error-based - Stacking (EXEC) payload Ahmad Maulana, * for contributing a tamper script halfversionedmorekeywords.py Ferruh Mavituna, * for exchanging ideas on the implementation of a couple of features David McNab, * for his XMLObject module that allows XML files to be operated on like Python objects Spencer J. McIntyre, * for reporting a minor bug * for contributing a patch for OS fingerprinting on DB2 Brad Merrell, * for reporting a minor bug Michael Meyer, * for suggesting a minor feature Enrico Milanese, * for reporting a minor bug * for sharing some ideas for the PHP backdoor Liran Mimoni, * for reporting a minor bug Marco Mirandola, * for reporting a minor bug Devon Mitchell, * for reporting a minor bug Anton Mogilin, * for reporting a few bugs Sergio Molina, * for reporting a minor bug Anastasios Monachos, * for providing some useful data * for suggesting a feature * for reporting a couple of bugs Kirill Morozov, * for reporting a bug * for suggesting a feature Alejo Murillo Moya, * for reporting a minor bug * for suggesting a few features Yonny Mutai, * for reporting a minor bug Roberto Nemirovsky, * for pointing out some enhancements Sebastian Nerz, * for reporting a (potential) vulnerability in --eval Simone Onofri, * for patching the PHP web backdoor to make it work properly also on Windows Michele Orru, * for reporting a couple of bug * for suggesting ideas on how to implement the RESTful API Shaohua Pan, * for reporting several bugs * for suggesting a few features Antonio Parata, * for sharing some ideas for the PHP backdoor Adrian Pastor, * for donating to sqlmap development Christopher Patten, * for reporting a bug in the blind SQL injection bisection algorithm Zack Payton, * for reporting a minor bug Jaime Penalba, * for contributing a patch for INSERT/UPDATE generic boundaries Pedrito Perez, <0ark1ang3l(at)gmail.com> * for reporting a couple of bugs Brandon Perry, * for reporting a couple of bugs Travis Phillips, * for suggesting a minor enhancement Mark Pilgrim, * for porting chardet package (Universal Encoding Detector) to Python Steve Pinkham, * for suggesting a feature * for contributing a new SQL injection vector (MSSQL time-based blind) * for donating to sqlmap development Adam Pridgen, * for suggesting some features Luka Pusic, * for reporting a couple of bugs Ole Rasmussen, * for reporting a bug * for suggesting a feature Alberto Revelli, * for inspiring to write sqlmap user's manual in SGML * for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net David Rhoades, * for reporting a bug Andres Riancho, * for beta-testing sqlmap * for reporting a bug and suggesting some features * for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net * for suggesting a way for handling DNS caching Jamie Riden, * for reporting a minor bug Alexander Rigbo, * for contributing a minor patch Antonio Riva, * for reporting a bug when running with python 2.5 Ethan Robish, * for reporting a bug Levente Rog, * for reporting a minor bug Andrea Rossi, * for reporting a minor bug * for suggesting a feature Frederic Roy, * for reporting a couple of bugs Vladimir Rutsky, * for suggesting a couple of minor enhancements Richard Safran, * for donating the sqlmap.org domain Tomoyuki Sakurai, * for submitting to the FreeBSD project the sqlmap 0.5 port Roberto Salgado, * for contributing considerable amount of tamper scripts Pedro Jacques Santos Santiago, * for reporting considerable amount of bugs Marek Sarvas, * for reporting several bugs Philippe A. R. Schaeffer, * for reporting a minor bug Henri Salo * for a donation Mohd Zamiri Sanin, * for reporting a minor bug Jorge Santos, * for reporting a minor bug Sven Schluter, * for contributing a patch * for waiting a number of seconds between each HTTP request Ryan Sears, * for suggesting a couple of enhancements * for donating to sqlmap development Uemit Seren, * for reporting a minor adjustment when running with python 2.6 Shane Sewell, * for suggesting a feature Ahmed Shawky, * for reporting a major bug with improper handling of parameter values * for reporting a bug Brian Shura, * for reporting a bug Sumit Siddharth, * for sharing ideas on the implementation of a couple of features Andre Silva, * for reporting a bug Benjamin Silva H. * for reporting a bug Duarte Silva * for reporting a couple of bugs M Simkin, * for suggesting a feature Konrads Smelkovs, * for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server Chris Spencer, * for reviewing the user's manual grammar Michael D. Stenner, * for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections Marek Stiefenhofer, * for reporting a few bugs Jason Swan, * for reporting a bug when enumerating columns on Microsoft SQL Server * for suggesting a couple of improvements Chilik Tamir, * for contributing a patch for initial support SOAP requests Alessandro Tanasi, * for extensively beta-testing sqlmap * for suggesting many features and reporting some bugs * for reviewing the documentation Andres Tarasco, * for contributing good feedback Tom Thumb, * for reporting a major bug Kazim Bugra Tombul, * for reporting a minor bug Efrain Torres, * for helping out to improve the Metasploit Framework sqlmap auxiliary module and for committing it on the Metasploit official subversion repository * for his great Metasploit WMAP Framework Jennifer Torres, * for contributing a tamper script luanginx.py Sandro Tosi, * for helping to create sqlmap Debian package correctly Jacco van Tuijl, * for reporting several bugs Vitaly Turenko, * for reporting a bug Augusto Urbieta, * for reporting a minor bug Bedirhan Urgun, * for reporting a few bugs * for suggesting some features and improvements * for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench Kyprianos Vasilopoulos, * for reporting a couple of minor bugs Vlado Velichkovski, * for reporting considerable amount of bugs * for suggesting an enhancement Johnny Venter, * for reporting a couple of bugs Carlos Gabriel Vergara, * for suggesting couple of good features Patrick Webster, * for suggesting an enhancement * for donating to sqlmap development (from OSI.Security) Ed Williams, * for suggesting a minor enhancement Anthony Zboralski, * for providing with detailed feedback * for reporting a few minor bugs * for donating to sqlmap development Thierry Zoller, * for reporting a couple of major bugs Zhen Zhou, * for suggesting a feature -insane-, * for reporting a minor bug 1ndr4 joe, * for reporting a couple of bugs abc abc, * for reporting a minor bug Abuse 007, * for reporting a bug agix, * for contributing the file upload via certutil.exe functionality Alex, * for reporting a minor bug anonymous anonymous, * for reporting a couple of bugs bamboo, * for reporting a couple of bugs Brandon E., * for reporting a bug black zero, * for reporting a minor bug blueBoy, * for reporting a bug buawig, * for reporting considerable amount of bugs Bugtrace, * for reporting several bugs cats, * for reporting a couple of bugs Christian S, * for reporting a minor bug clav, * for reporting a minor bug dragoun dash, * for reporting a minor bug flsf, * for contributing WAF scripts 360.py, anquanbao.py, baidu.py, safedog.py * for contributing a minor patch fufuh, * for reporting a bug when running on Windows Hans Wurst, * for reporting a couple of bugs Hysia, * for contributing a Chinese translation of README.md james, * for reporting a bug Joe "Pragmatk", * for reporting a few bugs John Smith, * for reporting several bugs * for suggesting some features m4l1c3, * for reporting considerable amount of bugs mariano, * for reporting a bug mitchell, * for reporting a few bugs Nadzree, * for reporting a minor bug nightman, * for reporting considerable amount of bugs Oso Dog osodog123(at)yahoo.com * for reporting a minor bug pacman730, * for reporting a bug pentestmonkey, * for reporting several bugs * for suggesting a few minor enhancements Phat R., * for reporting a few bugs Phil P, <(at)superevr> * for suggesting a minor enhancement ragos, * for reporting a minor bug rmillet, * for reporting a bug Rub3nCT, * for reporting a minor bug shiftzwei, * for reporting a couple of bugs smith, * for reporting a minor bug Soma Cruz, * for reporting a minor bug Spiros94, * for contributing a Greek translation of README.md Stuffe, * for reporting a minor bug and a feature request Sylphid, * for suggesting some features syssecurity.info, * for reporting a minor bug This LittlePiggy, * for reporting a minor bug ToR, * for reporting considerable amount of bugs * for suggesting a feature ultramegaman, * for reporting a minor bug Vinicius, * for reporting a minor bug virusdefender * for contributing WAF scripts safeline.py w8ay * for contributing an implementation for chunked transfer-encoding (switch --chunked) wanglei, * for reporting a minor bug warninggp, * for reporting a few minor bugs x, * for reporting a bug zhouhx, * for contributing a minor patch # Organizations Black Hat team, * for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation * Homepage: http://goo.gl/BKfs7 * Slides: http://goo.gl/Dh65t * White paper: http://goo.gl/spX3N SOURCE Conference team, * for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation * Homepage: http://goo.gl/IeXV4 * Slides: http://goo.gl/OKnfj AthCon Conference team, * for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation * Homepage: http://goo.gl/Fs71I * Slides: http://goo.gl/QMfjO Metasploit Framework development team, * for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server * Homepage: http://www.metasploit.com OWASP Board, * for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007 * Homepage: http://www.owasp.org