mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Automatic SQL injection and database takeover tool
databasedetectionexploitationpentestingpythonsql-injectionsqlmapstarred-repostarred-sqlmapproject-repotakeovervulnerability-scanner
89c43893d4
Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. |
||
|---|---|---|
| doc | ||
| extra | ||
| lib | ||
| plugins | ||
| shell | ||
| txt | ||
| udf | ||
| xml | ||
| sqlmap.conf | ||
| sqlmap.py | ||