mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
589 lines
17 KiB
Plaintext
589 lines
17 KiB
Plaintext
== Individuals ==
|
|
|
|
Santiago Accurso <saccurso@skygear.com.ar>
|
|
for reporting a bug
|
|
|
|
David Alvarez <david.alvarez.s@gmail.com>
|
|
for reporting a bug
|
|
|
|
Sergio Alves <sergioalexandre.alves@gmail.com>
|
|
for reporting a bug
|
|
|
|
Chip Andrews <chip@sqlsecurity.com>
|
|
for his excellent work maintaining the SQL Server versions database
|
|
at SQLSecurity.com and permission to implement the update feature
|
|
taking data from his site
|
|
|
|
Smith Andy <teh.one@hotmail.com>
|
|
for suggesting a feature
|
|
|
|
Otavio Augusto <otavioarj@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Simon Baker <simonb@sec-1.com>
|
|
for reporting some bugs
|
|
|
|
Emiliano Bazaes <emiliano@7espejos.com>
|
|
for reporting a minor bug
|
|
|
|
Daniele Bellucci <daniele.bellucci@gmail.com>
|
|
for starting sqlmap project and developing it between July and August
|
|
2006
|
|
|
|
Anthony Boynes <aboynes@gmail.com>
|
|
for reporting a bug
|
|
|
|
Velky Brat <velkybrat@gmail.com>
|
|
for suggesting a minor enhancement to the bisection algorithm
|
|
|
|
Jack Butler <fattredd@hotmail.com>
|
|
for providing me with the sqlmap site favicon
|
|
|
|
Ulisses Castro <uss.thebug@gmail.com>
|
|
for reporting a bug
|
|
|
|
Roberto Castrogiovanni <castrogiovanni.roberto@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Cesar Cerrudo <cesar@argeniss.com>
|
|
for his Windows access token kidnapping tool Churrasco included in
|
|
sqlmap tree as a contrib library and used to run the stand-alone
|
|
payload stager on the target Windows machine as SYSTEM user if the
|
|
user wants to perform a privilege escalation attack,
|
|
http://www.argeniss.com/research/TokenKidnapping.pdf
|
|
|
|
Karl Chen <quarl@cs.berkeley.edu>
|
|
for providing with the multithreading patch for the inference
|
|
algorithm
|
|
|
|
Y P Chien <ypchien@cox.net>
|
|
for reporting a minor bug
|
|
|
|
Pierre Chifflier <pollux@debian.org> and Mark Hymers <ftpmaster@debian.org>
|
|
for uploading and accepting the sqlmap Debian package to the official
|
|
Debian project repository
|
|
|
|
Andreas Constantinides <megahz@megahz.org>
|
|
for reporting a minor bug
|
|
|
|
Andre Costa <andre.investorsclub@gmail.com>
|
|
for reporting a minor bug
|
|
for suggesting a minor enhancement
|
|
|
|
Ulises U. Cune <ulises2k@gmail.com>
|
|
for reporting a bug
|
|
|
|
Alessandro Curio <alessandro.curio@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Alessio Dalla Piazza <alessio.dallapiazza@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Stefano Di Paola <stefano.dipaola@wisec.it>
|
|
for suggesting good features
|
|
|
|
Mosk Dmitri <ya@darkbyte.ru>
|
|
for reporting a minor bug
|
|
|
|
Carey Evans <careye@spamcop.net>
|
|
for his fcrypt module that allows crypt(3) support
|
|
on Windows platforms
|
|
|
|
Adam Faheem <faheem.adam@is.co.za>
|
|
for reporting a few bugs
|
|
|
|
James Fisher <www@sittinglittleduck.com>
|
|
for providing me with two very good feature requests
|
|
for his great tool too brute force directories and files names on
|
|
web/application servers, Dir Buster, http://tinyurl.com/dirbuster
|
|
|
|
Jim Forster <jimforster@goldenwest.com>
|
|
for reporting a bug
|
|
|
|
Rong-En Fan <rafan@freebsd.org>
|
|
for commiting the sqlmap 0.5 port to the official FreeBSD project
|
|
repository
|
|
|
|
Giorgio Fedon <giorgio.fedon@gmail.com>
|
|
for suggesting a speed improvement for bisection algorithm
|
|
for reporting a bug when running against Microsoft SQL Server 2005
|
|
|
|
Kasper Fons <thefeds@mail.dk>
|
|
for reporting several bugs
|
|
|
|
Jose Fonseca <jose.r.fonseca@gmail.com>
|
|
for his Gprof2Dot utility for converting profiler output to dot
|
|
graph(s) and for his XDot utility to render nicely dot graph(s),
|
|
both included in sqlmap tree inside extra folder. These libraries
|
|
are used for sqlmap development purposes only
|
|
http://code.google.com/p/jrfonseca/wiki/Gprof2Dot
|
|
http://code.google.com/p/jrfonseca/wiki/XDot
|
|
|
|
Alan Franzoni <alan.franzoni@gmail.com>
|
|
for helping me out with Python subprocess library
|
|
|
|
Daniel G. Gamonal <lgrecol@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Marcos Mateos Garcia <mmateos@germinus.com>
|
|
for reporting a minor bug
|
|
|
|
Andrew Gecse <andrew.gecse@upcmail.hu>
|
|
for reporting a minor issue
|
|
|
|
Ivan Giacomelli <truemilk@insiberia.net>
|
|
for reporting a bug
|
|
for suggesting a minor enhancement
|
|
for reviewing the documentation
|
|
|
|
Nico Golde <nico@ngolde.de>
|
|
for reporting a couple of bugs
|
|
|
|
Oliver Gruskovnjak <oliver.gruskovnjak@gmail.com>
|
|
for reporting a bug
|
|
for providing me with a minor patch
|
|
|
|
Davide Guerri <d.guerri@caspur.it>
|
|
for suggesting an enhancement
|
|
|
|
Dan Guido <dguido@gmail.com>
|
|
for promoting sqlmap in the context of the Penetration Testing and
|
|
Vulnerability Analysis class at the Polytechnic University of New York,
|
|
http://isisblogs.poly.edu/courses/pentest/
|
|
|
|
David Guimaraes <skysbsb@gmail.com>
|
|
for reporting considerable amount of bugs
|
|
for suggesting several features
|
|
|
|
Chris Hall <chris.hall@mod10.net>
|
|
for coding the prettyprint.py library
|
|
|
|
Tate Hansen <tate@clearnetsec.com>
|
|
for donating to sqlmap development
|
|
|
|
Mario Heiderich <mario.heiderich@gmail.com>
|
|
Christian Matthies <ch0012@gmail.com>
|
|
Lars H. Strojny <lars@strojny.net>
|
|
for their great tool PHPIDS included in sqlmap tree as
|
|
a set of rules for testing payloads against IDS detection,
|
|
http://php-ids.org
|
|
|
|
Kristian Erik Hermansen <kristian.hermansen@gmail.com>
|
|
for reporting a bug
|
|
for donating to sqlmap development
|
|
|
|
Jorge Hoya <aquinadie@gmail.com>
|
|
for suggesting a minor enhancement
|
|
|
|
Will Holcomb <wholcomb@gmail.com>
|
|
for his MultipartPostHandler class to handle multipart POST forms and
|
|
permission to include it within sqlmap source code
|
|
|
|
Daniel Huckmann <sanitybit@gmail.com>
|
|
for reporting a couple of bugs
|
|
|
|
Daliev Ilya <daliser@yandex.ru>
|
|
for reporting a bug
|
|
|
|
Prashant Jadhav <prashantjadhav.82@gmail.com>
|
|
for reporting a bug
|
|
|
|
Dirk Jagdmann <doj@cubic.org>
|
|
for reporting a typo in the documentation
|
|
|
|
Luke Jahnke <luke.jahnke@gmail.com>
|
|
for reporting a bug when running against MySQL < 5.0
|
|
|
|
David Klein <david.klein@ipfocus.com.au>
|
|
for reporting a minor code improvement
|
|
|
|
Sven Klemm <sven@c3d2.de>
|
|
for reporting two minor bugs with PostgreSQL
|
|
|
|
Anant Kochhar <anant.kochhar@secureyes.net>
|
|
for providing me with feedback on the user's manual
|
|
|
|
Alexander Kornbrust <ak@red-database-security.com>
|
|
for reporting a couple of bugs
|
|
|
|
Krzysztof Kotowicz <kkotowicz@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Nicolas Krassas <krasn@ans.gr>
|
|
for reporting a bug
|
|
|
|
Alex Landa <landa.alex86@gmail.com>
|
|
for providing a patch adding support for XML output
|
|
|
|
Guido Landi <lists@keamera.org>
|
|
for reporting a couple of bugs
|
|
for the great technical discussions
|
|
for Microsoft SQL Server 2000 and Microsoft SQL Server 2005
|
|
'sp_replwritetovarbin' stored procedure heap-based buffer overflow
|
|
(MS09-004) exploit development
|
|
for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
|
|
on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on
|
|
November 20, 2009
|
|
|
|
Lee Lawson <Lee.Lawson@dns.co.uk>
|
|
for reporting a minor bug
|
|
|
|
John J. Lee <jjl@pobox.com> & others
|
|
for developing the clientform Python library used by sqlmap to parse
|
|
forms when --forms switch is specified
|
|
|
|
Nico Leidecker <nico@leidecker.info>
|
|
for providing me with feedback on a few features
|
|
for reporting a couple of bugs
|
|
for his great tool icmpsh included in sqlmap tree to get a command
|
|
prompt via an out-of-band tunnel over ICMP,
|
|
http://leidecker.info/downloads/icmpsh.zip
|
|
|
|
Gabriel Lima <pato@bugnet.com.br>
|
|
for reporting a couple of bugs
|
|
|
|
Svyatoslav Lisin <sel@3d-tech.ru>
|
|
for suggesting a minor feature
|
|
|
|
Mark Lowe <larkmowe@gmail.com>
|
|
for reporting a couple of bugs
|
|
|
|
Truong Duc Luong <luongductruong@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Pavol Luptak <pavol.luptak@nethemba.com>
|
|
for reporting a bug when injecting on a POST data parameter
|
|
|
|
Michael Majchrowicz <mmajchrowicz@gmail.com>
|
|
for extensively beta-testing sqlmap on various MySQL DBMS
|
|
for providing really appreciated feedback
|
|
for suggesting a lot of ideas and features
|
|
|
|
Ferruh Mavituna <ferruh@mavituna.com>
|
|
for providing me with ideas on the implementation of a couple of
|
|
new features
|
|
|
|
David McNab <david@conscious.co.nz>
|
|
for his XMLObject module that allows XML files to be operated on
|
|
like Python objects
|
|
|
|
Spencer J. McIntyre <smcintyre@securestate.com>
|
|
for reporting a minor bug
|
|
|
|
Enrico Milanese <enricomilanese@gmail.com>
|
|
for reporting a bugs when using (-a) a single line User-Agent file
|
|
for providing me with some ideas for the PHP backdoor
|
|
|
|
Anton Mogilin <azarmaster81@yahoo.com>
|
|
for reporting a few bugs
|
|
|
|
Anastasios Monachos <anastasiosm@gmail.com>
|
|
for providing some useful data
|
|
for suggesting a feature
|
|
|
|
Kirill Morozov <l0rda@l0rda.biz>
|
|
for reporting a bug
|
|
for suggesting a feature
|
|
|
|
Alejo Murillo Moya <alex@65535.com>
|
|
for reporting a minor bug
|
|
for suggesting a few features
|
|
|
|
Yonny Mutai <yonnym@googlemail.com>
|
|
for reporting a minor bug
|
|
|
|
Roberto Nemirovsky <roberto.paes@gmail.com>
|
|
for pointing me out some enhancements
|
|
|
|
Simone Onofri <simone.onofri@gmail.com>
|
|
for patching the PHP web backdoor to make it work properly also on
|
|
Windows
|
|
|
|
Shaohua Pan <pan@knownsec.com>
|
|
for reporting several bugs
|
|
for suggesting a few features
|
|
|
|
Antonio Parata <s4tan@ictsc.it>
|
|
for providing me with some ideas for the PHP backdoor
|
|
|
|
Adrian Pastor <ap@gnucitizen.org>
|
|
for donating to sqlmap development
|
|
|
|
Christopher Patten <cpatten@sunera.com>
|
|
for reporting a bug in the blind SQL injection bisection algorithm
|
|
|
|
Zack Payton <zack.payton@executiveinstruments.com>
|
|
for reporting a minor bug
|
|
|
|
Mark Pilgrim <mark@diveintomark.org>
|
|
for porting chardet package (Universal Encoding Detector) to Python
|
|
|
|
Steve Pinkham <steve.pinkham@gmail.com>
|
|
for suggesting a feature
|
|
for providing a new sql injection vector (MSSQL time based)
|
|
for donating to sqlmap development
|
|
|
|
Adam Pridgen <adam.pridgen@gmail.com>
|
|
for suggesting some features
|
|
|
|
Ole Rasmussen <olerass@gmail.com>
|
|
for reporting a bug
|
|
for suggesting a feature
|
|
|
|
Alberto Revelli <r00t@northernfortress.net>
|
|
for inspiring me to write sqlmap user's manual in SGML
|
|
for his great Microsoft SQL Server take over tool, sqlninja,
|
|
http://sqlninja.sourceforge.net
|
|
|
|
Andres Riancho <andres.riancho@gmail.com>
|
|
for beta-testing sqlmap
|
|
for reporting a bug and suggesting some features
|
|
for including sqlmap in his great web application audit and attack
|
|
framework, w3af, http://w3af.sourceforge.net
|
|
for suggesting a way for handling DNS caching
|
|
|
|
Antonio Riva <antonio.riva@gmail.com>
|
|
for reporting a bug when running with python 2.5
|
|
|
|
Ethan Robish <ethan.robish@gmail.com>
|
|
for reporting a bug
|
|
|
|
Andrea Rossi <andyroyalbattle@yahoo.it>
|
|
for reporting a minor bug
|
|
for suggesting a feature
|
|
|
|
Richard Safran <allapplyhere@yahoo.com>
|
|
for donating the sqlmap.org domain control
|
|
|
|
Tomoyuki Sakurai <cherry@trombik.org>
|
|
for submitting to the FreeBSD project the sqlmap 0.5 port
|
|
|
|
Pedro Jacques Santos Santiago <pedro__jacques@hotmail.com>
|
|
for reporting several bugs
|
|
|
|
Marek Sarvas <marek.sarvas@gmail.com>
|
|
for reporting several bugs
|
|
|
|
Philippe A. R. Schaeffer <schaeff@compuphil.de>
|
|
for reporting a minor bug
|
|
|
|
Jorge Santos <jorge_a_santos@hotmail.com>
|
|
for reporting a minor bug
|
|
|
|
Sven Schluter <sschlueter@netzwerk.cc>
|
|
for providing with a patch for waiting a number of seconds between
|
|
each HTTP request
|
|
|
|
Ryan Sears <rdsears@mtu.edu>
|
|
for suggesting a couple of enhancements
|
|
for donating to sqlmap development
|
|
|
|
Uemit Seren <uemit.seren@gmail.com>
|
|
for reporting a minor adjustment when running with python 2.6
|
|
|
|
Ahmed Shawky <ahmed@isecur1ty.org>
|
|
for reporting a major bug with improper handling of parameter values
|
|
for reporting a bug
|
|
|
|
Brian Shura <bshura@appsecconsulting.com>
|
|
for reporting a bug
|
|
|
|
Sumit Siddharth <sid@notsosecure.com>
|
|
for providing me with ideas on the implementation of a couple of
|
|
features
|
|
|
|
Andre Silva <andreoaz@gmail.com>
|
|
for reporting a bug
|
|
|
|
M Simkin <mlsimkin@cox.net>
|
|
for suggesting a feature
|
|
|
|
Konrads Smelkovs <konrads@smelkovs.com>
|
|
for reporting a few bugs in --sql-shell and --sql-query on Microsoft
|
|
SQL Server
|
|
|
|
Michael D. Stenner <mstenner@linux.duke.edu>
|
|
for his keepalive module that allows handling of persistent
|
|
HTTP 1.1 keep-alive connections
|
|
|
|
Marek Stiefenhofer <m.stiefenhofer@r-tec.net>
|
|
for reporting a bug
|
|
|
|
Jason Swan <jasoneswan@gmail.com>
|
|
for reporting a bug when enumerating columns on Microsoft SQL Server
|
|
for suggesting a couple of improvements
|
|
|
|
Chilik Tamir <phenoman@gmail.com>
|
|
for providing a patch for initial support SOAP requests
|
|
|
|
Alessandro Tanasi <alessandro@tanasi.it>
|
|
for extensively beta-testing sqlmap
|
|
for suggesting many features and reporting some bugs
|
|
for reviewing the documentation
|
|
|
|
Andres Tarasco <atarasco@gmail.com>
|
|
for providing me with good feedback
|
|
|
|
Tom Thumb <k1971@live.co.uk>
|
|
for reporting a major bug
|
|
|
|
Kazim Bugra Tombul <mhackmail@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Efrain Torres <et@metasploit.com>
|
|
for helping me out to improve the Metasploit Framework 3 sqlmap
|
|
auxiliary module and for commiting it on the Metasploit official
|
|
subversion repository
|
|
for his great Metasploit WMAP Framework
|
|
|
|
Sandro Tosi <matrixhasu@gmail.com>
|
|
for helping to create sqlmap Debian package correctly
|
|
|
|
Jacco van Tuijl <jaccovantuijl@gmail.com>
|
|
for reporting several bugs
|
|
|
|
Vitaly Turenko <dsu@dsu.com.ua>
|
|
for reporting a bug
|
|
|
|
Augusto Urbieta <x2xpy50@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Bedirhan Urgun <bedirhanurgun@gmail.com>
|
|
for reporting a few bugs
|
|
for suggesting some features and improvements
|
|
for benchmarking sqlmap in the context of his SQL injection
|
|
benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
|
|
|
|
Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
|
|
for reporting a couple of minor bugs
|
|
|
|
Carlos Gabriel Vergara <carlosgabrielvergara@gmail.com>
|
|
for suggesting couple of good features
|
|
|
|
Anthony Zboralski <anthony.zboralski@bellua.com>
|
|
for providing me with detailed feedback
|
|
for reporting a few minor bugs
|
|
for donating to sqlmap development
|
|
|
|
Thierry Zoller <thierry@zoller.lu>
|
|
for reporting a couple of major bugs
|
|
|
|
-insane- <insane_@gmx.de>
|
|
for reporting a minor bug
|
|
|
|
abc abc <biedimc@gmx.net>
|
|
for reporting a minor bug
|
|
|
|
Brandon E. <brandonpoc@gmail.com>
|
|
for reporting a bug
|
|
|
|
black zero <timeisflowing@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
buawig <buawig@gmail.com>
|
|
for reporting considerable amount of bugs
|
|
|
|
Bugtrace <bugtrace@gmail.com>
|
|
for reporting several bugs
|
|
|
|
dragoun dash <dragoun.dash@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
fufuh <fufuh@users.sourceforge.net>
|
|
for reporting a bug when running on Windows
|
|
|
|
james <james@ev6.net>
|
|
for reporting a bug
|
|
|
|
m4l1c3 <malice.anon@gmail.com>
|
|
for reporting considerable amount of bugs
|
|
|
|
mariano <marianoso@gmail.com>
|
|
for reporting a bug
|
|
|
|
mitchell <mitchell@tufala.net>
|
|
for reporting a bug
|
|
|
|
nightman <nightman@email.de>
|
|
for reporting several bugs
|
|
|
|
pacman730 <pacman730@users.sourceforge.net>
|
|
for reporting a bug
|
|
|
|
Phat R. <phatthanaphol@gmail.com>
|
|
for reporting a minor bug
|
|
|
|
Joe "Pragmatk" <pragmatk@gmail.com>
|
|
for reporting a few bugs
|
|
|
|
ragos <ragos@joker.ms>
|
|
for reporting a minor bug
|
|
|
|
shiftzwei <shiftzwei@gmail.com>
|
|
for reporting a couple of bugs
|
|
|
|
Stuffe <stuffe.dk@gmail.com>
|
|
for reporting a minor bug and a feature request
|
|
|
|
Sylphid <sylphid.su@sti.com.tw>
|
|
for suggesting some features
|
|
|
|
syssecurity.info <syssecurity7@googlemail.com>
|
|
for reporting a minor bug
|
|
|
|
ToR <sstidus@email.it>
|
|
for reporting considerable amount of bugs
|
|
for suggesting a feature
|
|
|
|
ultramegaman <seclists@ultramegaman.com>
|
|
for reporting a minor bug
|
|
|
|
wanglei <wanglei@17uxi.cn>
|
|
for reporting a minor bug
|
|
|
|
warninggp <warninggp@gmail.com>
|
|
for reporting a few minor bugs
|
|
|
|
x <deep_freeze@mail.ru>
|
|
for reporting a bug
|
|
|
|
== Organizations ==
|
|
|
|
Black Hat team <info@blackhat.com>
|
|
for the opportunity to present my research titled 'Advanced SQL injection
|
|
to operating system full control' at Black Hat Europe 2009 Briefings
|
|
on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some
|
|
of the sqlmap 0.7 release candidate version new features during my
|
|
presentation
|
|
Homepage: http://goo.gl/BKfs7
|
|
Slides: http://goo.gl/Dh65t
|
|
White paper: http://goo.gl/spX3N
|
|
|
|
SOURCE Conference team <press@sourceconference.com>
|
|
for the opportunity to present my research titled 'Expanding the control
|
|
over the operating system from the database' at SOURCE Conference 2009
|
|
on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated
|
|
some of the sqlmap 0.8 release candidate version new features during
|
|
my presentation
|
|
Homepage: http://goo.gl/IeXV4
|
|
Slides: http://goo.gl/OKnfj
|
|
|
|
AthCon Conference team <cfp@athcon.org>
|
|
for the opportunity to present my research titled 'Got database
|
|
access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in
|
|
Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8
|
|
version features during my presentation
|
|
Homepage: http://goo.gl/Fs71I
|
|
Slides: http://goo.gl/QMfjO
|
|
|
|
Metasploit Framework development team <msfdev@metasploit.com>
|
|
for their powerful tool Metasploit Framework 3, used by sqlmap, among
|
|
others things, to create the shellcode and establish an out-of-band
|
|
connection between sqlmap and the database server
|
|
Homepage: http://www.metasploit.com
|
|
|
|
OWASP Board <info@owasp.org>
|
|
for sponsoring part of the sqlmap development in the context of OWASP
|
|
Spring of Code 2007
|
|
Homepage: http://www.owasp.org
|