== Individuals == Chip Andrews for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site Simon Baker for reporting some bugs Daniele Bellucci for starting sqlmap project and developing it between July and August 2006 Jack Butler for providing me with the sqlmap site favicon Roberto Castrogiovanni for reporting a minor bug Cesar Cerrudo for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf Karl Chen for providing with the multithreading patch for the inference algorithm Y P Chien for reporting a minor bug Pierre Chifflier and Mark Hymers for uploading and accepting the sqlmap Debian package to the official Debian project repository Ulises U. Cune for reporting a bug Alessandro Curio for reporting a minor bug Stefano Di Paola for suggesting good features Dan Guido for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/ Adam Faheem for reporting a few bugs James Fisher for providing me with two very good feature requests for his great tool too brute force directories and files names on web/application servers, Dir Buster, http://tinyurl.com/dirbuster Jim Forster for reporting a bug Rong-En Fan for commiting the sqlmap 0.5 port to the official FreeBSD project repository Giorgio Fedon for suggesting a speed improvement for bisection algorithm for reporting a bug when running against Microsoft SQL Server 2005 Alan Franzoni for helping me out with Python subprocess library Ivan Giacomelli for reporting a bug for suggesting a minor enhancement for reviewing the documentation Oliver Gruskovnjak for reporting a bug for providing me with a minor patch Davide Guerri for suggesting an enhancement Kristian Erik Hermansen for reporting a bug for donating to sqlmap development Jorge Hoya for suggesting a minor enhancement Will Holcomb for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code Daniel Hückmann for reporting a minor bug Mounir Idrassi for his compiled version of UPX for Mac OS X Dirk Jagdmann for reporting a typo in the documentation Luke Jahnke for reporting a bug when running against MySQL < 5.0 Sven Klemm for reporting two minor bugs with PostgreSQL Anant Kochhar for providing me with feedback on the user's manual Alexander Kornbrust for reporting a couple of bugs Nicolas Krassas for reporting a bug Guido Landi for reporting a couple of bugs for the great technical discussions for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development for presenting with me at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 Lee Lawson for reporting a minor bug Nico Leidecker for providing me with feedback on a few features for reporting a couple of bugs Gabriel Lima for reporting a couple of bugs Pavol Luptak for reporting a bug when injecting on a POST data parameter Michael Majchrowicz for extensively beta-testing sqlmap on various MySQL DBMS for providing really appreciated feedback for suggesting a lot of ideas and features Ferruh Mavituna for providing me with ideas on the implementation of a couple of new features Enrico Milanese for reporting a bugs when using (-a) a single line User-Agent file for providing me with some ideas for the PHP backdoor Roberto Nemirovsky for pointing me out some enhancements Markus Oberhumer Laszlo Molnar John F. Reiser for their great tool UPX (Ultimate Packer for eXecutables) included in sqlmap tree as a contrib library and used mainly to pack the Metasploit Framework 3 payload stager portable executable, http://upx.sourceforge.net Simone Onofri for patching the PHP web backdoor to make it work properly also on Windows Antonio Parata for providing me with some ideas for the PHP backdoor Adrian Pastor for donating to sqlmap development Chris Patten for reporting a bug in the blind SQL injection bisection algorithm Adam Pridgen for suggesting some features Alberto Revelli for inspiring me to write sqlmap user's manual in SGML for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net Andres Riancho for beta-testing sqlmap for reporting a bug and suggesting some features for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net Antonio Riva for reporting a bug when running with python 2.5 Richard Safran for donating the sqlmap.org domain control Tomoyuki Sakurai for submitting to the FreeBSD project the sqlmap 0.5 port Philippe A. R. Schaeffer for reporting a minor bug Sven Schluter for providing with a patch for waiting a number of seconds between each HTTP request Uemit Seren for reporting a minor adjustment when running with python 2.6 Sumit Siddharth for providing me with ideas on the implementation of a couple of features M Simkin for suggesting a feature Konrads Smelkovs for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server Marek Stiefenhofer for reporting a bug Jason Swan for reporting a bug when enumerating columns on Microsoft SQL Server for suggesting a couple of improvements Alessandro Tanasi for extensively beta-testing sqlmap for suggesting many features and reporting some bugs for reviewing the documentation Andres Tarasco for providing me with good feedback Efrain Torres for helping me out to improve the Metasploit Framework 3 sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository for his great Metasploit WMAP Framework Sandro Tosi for helping to create sqlmap Debian package correctly Bedirhan Urgun for reporting a few bugs for suggesting some features and improvements for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench Kyprianos Vassilopoulos for reporting an unhandled connection exception Anthony Zboralski for providing me with detailed feedback for reporting a few minor bugs for donating to sqlmap development fufuh for reporting a bug when running on Windows mariano for reporting a bug pacman730 for reporting a bug Stuffe for reporting a minor bug and a feature request Sylphid for suggesting some features == Organizations == Black Hat team for the opportunity to present my research on 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation Metasploit LLC for their powerful tool Metasploit Framework 3, used by sqlmap, among others things, to create the payload stager and establish an out-of-band connection between sqlmap and the database server, http://www.metasploit.com/framework OWASP Board for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007