mirror of https://github.com/sqlmapproject/sqlmap.git, synced 2025-10-25 21:21:03 +03:00
sqlmap (1.0-1) stable; urgency=low

  * Implemented support for automatic decoding of page content through detected
    charset (Miroslav)
  * Implemented mechanism for proper data dumping on DBMSes not supporting
    LIMIT/OFFSET like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.)
    (Miroslav)
  * Major improvements to program stabilization based on user reports (Miroslav)
  * Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms
    (Miroslav)
  * Added support for setting Tor proxy type together with port (Miroslav)
  * Fixed major bug with DNS leaking in Tor mode (Miroslav)
  * Added wordlist compilation made of the most popular cracking dictionaries
    (Miroslav)
  * Added support for mnemonics substantially helping user with program setup
    (Miroslav)
  * Implemented multi-processor hash cracking routine(s) on Linux OS (Miroslav)
  * Implemented advanced detection techniques for inband and time-based
    injections by usage of standard deviation method (Miroslav)
  * Old resume files are now deprecated and replaced by faster SQLite based
    session mechanism (Miroslav)
  * Substantial code optimization and smaller memory footprint (Miroslav)
  * Added switch -m for scanning multiple targets listed in a given textual
    file (Miroslav)
  * Added switch --randomize for randomly changing value of a given
    parameter(s) based on its original form (Miroslav)
  * Added switch --force-ssl for forcing usage of SSL/HTTPS requests (Miroslav)
  * Added switch --host for manually setting HTTP Host header value (Miroslav)
  * Added switch --eval for evaluating provided Python code (with resulting
    parameter values) right before the request itself (Miroslav)
  * Added switch --skip for skipping tests for given parameter(s) (Miroslav)
  * Added switch --titles for comparing pages based only on their titles
    (Miroslav)
  * Added switch --charset for forcing character encoding used for data
    retrieval (Miroslav)
  * Added switch --check-tor for checking if Tor is used properly (Miroslav)
  * Added switch --crawl for multithreaded crawling of a given website starting
    from the target url (Miroslav)
  * Added switch --csv-del for manually setting delimiting character used in CSV
    output (Miroslav)
  * Added switch --hex for using DBMS hex conversion function(s) for data
    retrieval (Miroslav)
  * Added switch --smart for conducting thorough tests only in case of positive
    heuristic(s) (Miroslav)
  * Added switch --check-waf for checking the existence of WAF/IPS/IDS protection
    (Miroslav)
  * Added --schema switch to enumerate DBMS schema: shows all columns of
    all databases' tables (Bernardo)
  * Added --count switch to count the number of entries for a specific
    table or all database(s) tables (Bernardo)
  * Major improvements to --tables and --columns switches (Bernardo)
  * Takeover switch --os-pwn improved: stealthier, faster and AV-proof
    (Bernardo)
  * Added --mobile switch to imitate a mobile device through HTTP
    User-Agent header (Miroslav)

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  XXX, XX XXX 2011 10:00:00 +0000

sqlmap (0.9-1) stable; urgency=low

  * Rewritten SQL injection detection engine (Bernardo and Miroslav).
  * Support to directly connect to the database without passing via a
    SQL injection, -d switch (Bernardo and Miroslav).
  * Added full support for both time-based blind SQL injection and
    error-based SQL injection techniques (Bernardo and Miroslav).
  * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
  * Implemented support for Firebird (Bernardo and Miroslav).
  * Implemented support for Microsoft Access, Sybase and SAP MaxDB
    (Miroslav).
  * Extended old '--dump -C' functionality to be able to search for
    specific database(s), table(s) and column(s), --search switch
    (Bernardo).
  * Added support to tamper injection data with --tamper switch (Bernardo
    and Miroslav).
  * Added automatic recognition of password hashes format and support to
    crack them with a dictionary-based attack (Miroslav).
  * Added support to enumerate roles on Oracle, --roles switch (Bernardo).
  * Added support for SOAP based web services requests (Bernardo).
  * Added support to fetch unicode data (Bernardo and Miroslav).
  * Added support to use persistent HTTP(s) connection for speed
    improvement, --keep-alive switch (Miroslav).
  * Implemented several optimization switches to speed up the exploitation
    of SQL injections (Bernardo and Miroslav).
  * Support to test and inject against HTTP Referer header (Miroslav).
  * Implemented HTTP(s) proxy authentication support, --proxy-cred switch
    (Miroslav).
  * Implemented feature to speed up the enumeration of table names
    (Miroslav).
  * Support for customizable HTTP(s) redirections (Bernardo).
  * Support to replicate the back-end DBMS tables structure and entries
    in a local SQLite 3 database, --replicate switch (Miroslav).
  * Support to parse and test forms on target url, --forms switch
    (Bernardo and Miroslav).
  * Added switches to brute-force tables names and columns names with a
    dictionary attack, --common-tables and --common-columns. Useful for
    instance when system table 'information_schema' is not available on
    MySQL (Miroslav).
  * Basic support for REST-style URL parameters by using the asterisk (*)
    to mark where to test for and exploit SQL injection (Miroslav).
  * Added safe URL feature, --safe-url and --safe-freq (Miroslav).
  * Added --text-only switch to strip from the HTTP response body the
    HTML/JS code and compare pages based only on their textual content
    (Miroslav).
  * Implemented a few other features and switches (Bernardo and Miroslav).
  * Over 100 bugs fixed (Bernardo and Miroslav).
  * Major code refactoring (Bernardo and Miroslav).
  * User's manual updated (Bernardo).

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Sun, 10 Apr 2011 21:00:00 +0000

sqlmap (0.8-1) stable; urgency=low

  * Support to enumerate and dump all databases' tables containing user
    provided column(s) by specifying for instance '--dump -C user,pass'.
    Useful to identify for instance tables containing custom application
    credentials (Bernardo).
  * Support to parse -C (column name(s)) when fetching
    columns of a table with --columns: it will enumerate only columns like
    the provided one(s) within the specified table (Bernardo).
  * Support for takeover features on PostgreSQL 8.4 (Bernardo).
  * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
    'getsystem' command to elevate privileges of the user running the
    back-end DBMS instance to SYSTEM on Windows (Bernardo).
  * Automatic support in --os-pwn to use the web uploader/backdoor to
    upload and execute the Metasploit payload stager when stacked queries
    SQL injection is not supported, for instance on MySQL/PHP and
    MySQL/ASP, but there is a writable folder within the web server
    document root (Bernardo and Miroslav).
  * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
    useful when web application does not support stacked queries (Bernardo).
  * Added support to properly read (--read-file) also binary files via
    PostgreSQL by injecting sqlmap new sys_fileread() user-defined
    function (Bernardo and Miroslav).
  * Updated active fingerprint and comment injection fingerprint for
    MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
  * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
  * Support for NTLM authentication via python-ntlm third party library,
    http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
  * Support to automatically decode deflate, gzip and x-gzip HTTP
    responses (Miroslav).
  * Support for Certificate authentication, --auth-cert option added
    (Miroslav).
  * Added support for regular expression based scope when parsing Burp or
    Web Scarab proxy log file (-l), --scope (Miroslav).
  * Added option (-r) to load a single HTTP request from a text file
    (Miroslav).
  * Added option (--ignore-proxy) to ignore system default HTTP proxy
    (Miroslav).
  * Added support to ignore Set-Cookie in HTTP responses,
    --drop-set-cookie (Miroslav).
  * Added support to specify which Google dork result page to parse,
    --gpage to be used together with -g (Miroslav).
  * Major bug fix and enhancements to the multi-threading (--threads)
    functionality (Miroslav).
  * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
    (Miroslav).
  * Refactored --update to use python-svn third party library if available
    or 'svn' command to update sqlmap to the latest development version
    from subversion repository (Bernardo and Miroslav).
  * Major bugs fixed (Bernardo and Miroslav).
  * Cleanup of UDF source code repository,
    https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
    and Miroslav).
  * Major code cleanup (Miroslav).
  * Added simple file encryption/compression utility, extra/cloak/cloak.py,
    used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
    shells consequently reducing drastically the number of anti-virus
    software that mistakenly marks sqlmap as malware (Miroslav).
  * Updated user's manual (Bernardo and Miroslav).
  * Created several demo videos, hosted on YouTube
    (http://www.youtube.com/user/inquisb) and linked from
    http://www.sqlmap.org/demo.html (Bernardo).

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Sun, 14 Mar 2010 10:00:00 +0000

sqlmap (0.8rc1-1) stable; urgency=low

  * Major enhancement to the Microsoft SQL Server stored procedure
    heap-based buffer overflow exploit (--os-bof) to automatically bypass
    DEP memory protection.
  * Added support for MySQL and PostgreSQL to execute Metasploit shellcode
    via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
    option instead of uploading the standalone payload stager executable.
  * Added options for MySQL, PostgreSQL and Microsoft SQL Server to
    read/add/delete Windows registry keys.
  * Added options for MySQL and PostgreSQL to inject custom user-defined
    functions.
  * Added support for --first and --last so the user now has even more
    granularity in what to enumerate in the query output.
  * Minor enhancement to save the session by default in
    'output/hostname/session' file if -s option is not specified.
  * Minor improvement to automatically remove sqlmap created temporary
    files from the DBMS underlying file system.
  * Minor bugs fixed.
  * Major code refactoring.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Mon, 21 Sep 2009 15:00:00 +0000

sqlmap (0.7-1) stable; urgency=low

  * Adapted Metasploit wrapping functions to work with latest 3.3
    development version too.
  * Adjusted code to make sqlmap 0.7 work again on Mac OSX too.
  * Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or
    --os-bof is selected) when running under Windows because msfconsole
    and msfcli are not supported on the native Windows Ruby interpreter.
    This makes sqlmap 0.7 work again on Windows too.
  * Minor improvement so that sqlmap tests also all parameters with no
    value (e.g. par=).
  * HTTPS requests over HTTP proxy now work on Python 2.4, 2.5 and
    2.6+.
  * Major bug fix to sql-query/sql-shell features.
  * Major bug fix in --read-file option.
  * Major silent bug fix to multi-threading functionality.
  * Fixed the web backdoor functionality (for MySQL) when (usually) stacked
    queries are not supported and --os-shell is provided.
  * Fixed MySQL 'comment injection' version fingerprint.
  * Fixed basic Microsoft SQL Server 2000 fingerprint.
  * Many minor bug fixes and code refactoring.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Sat, 25 Jul 2009 10:00:00 +0000

sqlmap (0.7rc1-1) stable; urgency=low

  * Added support to execute arbitrary commands on the database server
    underlying operating system either returning the standard output or not
    via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored
    procedure on Microsoft SQL Server;
  * Added support for out-of-band connection between the attacker box and
    the database server underlying operating system via stand-alone payload
    stager created by Metasploit and supporting Meterpreter, shell and VNC
    payloads for both Windows and Linux;
  * Added support for out-of-band connection via Microsoft SQL Server 2000
    and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer
    overflow (MS09-004) exploitation with multi-stage Metasploit payload
    support;
  * Added support for out-of-band connection via SMB reflection attack with
    UNC path request from the database server to the attacker box by using
    the Metasploit smb_relay exploit;
  * Added support to read and write (upload) both text and binary files on
    the database server underlying file system for MySQL, PostgreSQL and
    Microsoft SQL Server;
  * Added database process' user privilege escalation via Windows Access
    Tokens kidnapping on MySQL and Microsoft SQL Server via either
    Meterpreter's incognito extension or Churrasco stand-alone executable;
  * Speed up the inference algorithm by providing the minimum required
    charset for the query output;
  * Major bug fix in the comparison algorithm to correctly handle also the
    case that the url is stable and the False response changes the page
    content very little;
  * Many minor bug fixes, minor enhancements and layout adjustments.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Wed, 22 Apr 2009 10:30:00 +0000

sqlmap (0.6.4-1) stable; urgency=low

  * Major enhancement to make the comparison algorithm work properly also
    on unstable URLs automatically by using the difflib Sequence Matcher
    object;
  * Major enhancement to support SQL data definition statements, SQL data
    manipulation statements, etc. from the user in SQL query and SQL shell if
    stacked queries are supported by the web application technology;
  * Major speed increase in DBMS basic fingerprint;
  * Minor enhancement to support an option (--is-dba) to show if the
    current user is a database management system administrator;
  * Minor enhancement to support an option (--union-tech) to specify the
    technique to use to detect the number of columns used in the web
    application SELECT statement: NULL bruteforcing (default) or ORDER BY
    clause bruteforcing;
  * Added internal support to forge CASE statements, used only by --is-dba
    query at the moment;
  * Minor layout adjustment to the --update output;
  * Increased default timeout to 30 seconds;
  * Major bug fix to correctly handle custom SQL "limited" queries on
    Microsoft SQL Server and Oracle;
  * Major bug fix to avoid tracebacks when multiple targets are specified
    and one of them is not reachable;
  * Minor bug fix to make the Partial UNION query SQL injection technique
    work properly also on Oracle and Microsoft SQL Server;
  * Minor bug fix to make the --postfix work even if --prefix is not
    provided;
  * Updated documentation.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Tue,  3 Feb 2009 23:30:00 +0000

sqlmap (0.6.3-1) stable; urgency=low

  * Major enhancement to get list of targets to test from Burp proxy
    (http://portswigger.net/suite/) requests log file path or WebScarab
    proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
    'conversations/' folder path by providing option -l <filepath>;
  * Major enhancement to support Partial UNION query SQL injection
    technique too;
  * Major enhancement to test if the web application technology supports
    stacked queries (multiple statements) by providing option
    --stacked-test which will be then used someday also by takeover
    functionality;
  * Major enhancement to test if the injectable parameter is affected by
    a time based blind SQL injection technique by providing option
    --time-test;
  * Minor enhancement to fingerprint the web server operating system and
    the web application technology by parsing some HTTP response headers;
  * Minor enhancement to fingerprint the back-end DBMS operating system by
    parsing the DBMS banner value when -b option is provided;
  * Minor enhancement to be able to specify the number of seconds before
    the connection times out by providing option --timeout #, default is set
    to 10 seconds and must be 3 or higher;
  * Minor enhancement to be able to specify the number of seconds to wait
    between each HTTP request by providing option --delay #;
  * Minor enhancement to be able to get the injection payload --prefix and
    --postfix from user;
  * Minor enhancement to be able to enumerate table columns and dump table
    entries, also when the database name is not provided, by using the
    current database on MySQL and Microsoft SQL Server, the 'public'
    schema on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
  * Minor enhancement to support also --regexp, --excl-str and --excl-reg
    options rather than only --string when comparing HTTP responses page
    content;
  * Minor enhancement to be able to specify extra HTTP headers by providing
    option --headers. By default Accept, Accept-Language and Accept-Charset
    headers are set;
  * Minor improvement to be able to provide CU (as current user) as user
    value (-U) when enumerating users privileges or users passwords;
  * Minor improvements to sqlmap Debian package files;
  * Minor improvement to use Python psyco (http://psyco.sourceforge.net/)
    library if available to speed up the sqlmap algorithmic operations;
  * Minor improvement to retry the HTTP request up to three times in case
    an exception is raised during the connection to the target url;
  * Major bug fix to correctly enumerate columns on Microsoft SQL Server;
  * Major bug fix so that when the user provides a SELECT statement to be
    processed with an asterisk as columns, now it also works if in the FROM
    there is no database name specified;
  * Minor bug fix to correctly dump table entries when the column is
    provided;
  * Minor bug fix to correctly handle session.error, session.timeout and
    httplib.BadStatusLine exceptions in HTTP requests;
  * Minor bug fix to correctly catch connection exceptions and notify
    the user also if they occur within a thread;
  * Increased default output level from 0 to 1;
  * Updated documentation.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Thu, 18 Dec 2008 10:00:00 +0000

sqlmap (0.6.2-1) stable; urgency=low

  * Major bug fix to correctly dump table entries when --stop is not
    specified;
  * Major bug fix so that the users' privileges enumeration now works
    properly also on both MySQL < 5.0 and MySQL >= 5.0;
  * Major bug fix when the request is POST to also send the GET parameters
    if any have been provided;
  * Major bug fix to correctly update sqlmap to the latest stable release
    with command line --update;
  * Major bug fix so that when the expected value of a query (count
    variable) is an integer and, for some reason, its resumed value from
    the session file is a string or a binary file, the query is executed
    again and its new output saved to the session file;
  * Minor bug fix in MySQL comment injection fingerprint technique;
  * Minor improvement to correctly enumerate tables, columns and dump
    table entries on Oracle and on PostgreSQL when the database name is
    not 'public' schema or a system database;
  * Minor improvement to be able to dump entries on MySQL < 5.0 when
    database name, table name and column(s) are provided;
  * Updated the database management system fingerprint checks to correctly
    identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
  * More user-friendly warning messages.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Sun,  2 Nov 2008 19:00:00 +0000

sqlmap (0.6.1-1) stable; urgency=low

  * Major bug fix to blind SQL injection bisection algorithm to handle an
    exception;
  * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
  * Implemented possibility to test for and inject also on LIKE
    statements;
  * Implemented --start and --stop options to set the first and the last
    table entry to dump;
  * Added non-interactive/batch-mode (--batch) option to make it easy to
    wrap sqlmap in Metasploit and any other tool;
  * Minor enhancement to save also the length of query output in the
    session file when retrieving the query output length for ETA or for
    resume purposes;
  * Changed the order in which sqlmap dumps table entries from column by
    column to row by row. Now it also dumps entries as they are stored in
    the tables, not forcing the entries' order alphabetically anymore;
  * Minor bug fix to correctly handle parameters' value with % character.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Fri, 20 Oct 2008 10:00:00 +0000

sqlmap (0.6-1) stable; urgency=low

  * Complete code refactor and many bugs fixed;
  * Added multithreading support to set the maximum number of concurrent
    HTTP requests;
  * Implemented SQL shell (--sql-shell) functionality and fixed SQL query
    (--sql-query, before called -e) to be able to run whatever SELECT
    statement and get its output in both inband and blind SQL injection
    attack;
  * Added an option (--privileges) to retrieve DBMS users privileges, it
    also notifies if the user is a DBMS administrator;
  * Added support (-c) to read options from configuration file, an example
    of valid INI file is sqlmap.conf and support (--save) to save command
    line options on a configuration file;
  * Created a function that updates the whole sqlmap to the latest stable
    version available by running sqlmap with --update option;
  * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.)
    installation binary packages;
  * Created sqlmap .exe (Windows) portable executable;
  * Save a lot more information to the session file, useful when
    resuming injection on the same target to not lose time on identifying
    injection, UNION fields and back-end DBMS twice or more times;
  * Improved automatic check for parenthesis when testing and forging SQL
    query vector;
  * Now it checks for SQL injection on all GET/POST/Cookie parameters then
    it lets the user select which parameter to perform the injection on in
    case that more than one is injectable;
  * Implemented support for HTTPS requests over HTTP(S) proxy;
  * Added a check to handle NULL or not available queries output;
  * More entropy (randomStr() and randomInt() functions in
    lib/core/common.py) in inband SQL injection concatenated query and in
    AND condition checks;
  * Improved XML files structure;
  * Implemented the possibility to change the HTTP Referer header;
  * Added support to resume from session file also when running with
    inband SQL injection attack;
  * Added an option (--os-shell) to execute operating system commands if
    the back-end DBMS is MySQL, the web server has the PHP engine active
    and permits write access on a directory within the document root;
  * Added a check to assure that the provided string to match (--string)
    is within the page content;
  * Fixed various queries in XML file;
  * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted
    the library to parse it;
  * Fixed password fetching function, mainly for Microsoft SQL Server and
    reviewed the password hashes parsing function;
  * Major bug fixed to avoid tracebacks when the testable parameter(s) is
    dynamic, but not injectable;
  * Enhanced logging system: added three more levels of verbosity to show
    also HTTP sent and received traffic;
  * Enhancement to handle Set-Cookie from target url and automatically
    re-establish the Session when it expires;
  * Added support to inject also on Set-Cookie parameters;
  * Implemented TAB completion and command history on both --sql-shell and
    --os-shell;
  * Renamed some command line options;
  * Added a conversion library;
  * Added code schema and reminders for future developments;
  * Added Copyright comment and $Id$;
  * Updated the command line layout and help messages;
  * Updated some docstrings;
  * Updated documentation files.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Mon,  1 Sep 2008 10:00:00 +0100

sqlmap (0.5-1) stable; urgency=low

  * Added support for Oracle database management system;
  * Extended inband SQL injection functionality (--union-use) to all
    other possible queries since it only worked with -e and --file on
    all DBMS plugins;
  * Added support to extract database users password hash on Microsoft
    SQL Server;
  * Added a fuzzer function with the aim to parse HTML page looking
    for standard database error messages consequently improving
    database fingerprinting;
  * Added support for SQL injection on HTTP Cookie and User-Agent headers;
  * Reviewed HTTP request library (lib/request.py) to support the
    extended inband SQL injection functionality. Split getValue()
    into getInband() and getBlind();
  * Major enhancements in common library and added checkForBrackets()
    method to check if the bracket(s) are needed to perform a UNION query
    SQL injection attack;
  * Implemented --dump-all functionality to dump entire DBMS data from
    all databases tables;
  * Added support to exclude DBMS system databases when enumerating
    tables and dumping their entries (--exclude-sysdbs);
  * Implemented in Dump.dbTableValues() method the CSV file dumped data
    automatic saving in csv/ folder by default;
  * Added DB2, Informix and Sybase DBMS error messages and minor
    improvements in xml/errors.xml;
  * Major improvement in all three DBMS plugins so now sqlmap does not
    get entire databases' tables structure when all of database/table/
    column are specified to be dumped;
  * Important fixes in lib/option.py to make sqlmap properly work also
    with python 2.5 and handle the CSV dump files creation work also
    under Windows operating system, function __setCSVDir() and fixed
    also in lib/dump.py;
  * Minor enhancement in lib/injection.py to randomize the number
    requested to test the presence of a SQL injection affected parameter
    and implemented the possibility to break (q) the for cycle when
    using the google dork option (-g);
  * Minor fix in lib/request.py to properly encode the url to request
    in case the "fixed" part of the url has blank spaces;
  * More minor layout enhancements in some libraries;
  * Renamed DBMS plugins;
  * Complete code refactoring, a lot of minor and some major fixes in
    libraries, many minor improvements;
  * Updated all documentation files.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Sun,  4 Nov 2007 20:00:00 +0100

sqlmap (0.4-1) stable; urgency=low

  * Added DBMS fingerprint based also upon HTML error messages parsing
    defined in lib/parser.py which reads an XML file defining default
    error messages for each supported DBMS;
  * Added Microsoft SQL Server extensive DBMS fingerprint checks based
    upon accurate '@@version' parsing matching on an XML file to get also
    the exact patching level of the DBMS;
  * Added support for query ETA (Estimated Time of Arrival) real time
    calculation (--eta);
  * Added support to extract database management system users password
    hash on MySQL and PostgreSQL (--passwords);
  * Added docstrings to all functions, classes and methods, consequently
    released the sqlmap development documentation
    <http://www.sqlmap.org/dev/>;
  * Implemented Google dorking feature (-g) to take advantage of Google
    results affected by SQL injection to perform other command line
    arguments on their DBMS;
  * Improved logging functionality: passed from banal 'print' to Python
    native logging library;
  * Added support for more than one parameter in '-p' command line
    option;
  * Added support for HTTP Basic and Digest authentication methods
    (--basic-auth and --digest-auth);
  * Added the command line option '--remote-dbms' to manually specify
    the remote DBMS;
  * Major improvements in union.UnionCheck() and union.UnionUse()
    functions to make it possible to exploit inband SQL injection also
    with database comment characters ('--' and '#') in UNION query
    statements;
  * Added the possibility to save the output into a file while performing
    the queries (-o OUTPUTFILE) so it is possible to stop and resume the
    same query output retrieving in a second time (--resume);
  * Added support to specify the database table column to enumerate
    (-C COL);
  * Added inband SQL injection (UNION query) support (--union-use);
  * Complete code refactoring, a lot of minor and some major fixes in
    libraries, many minor improvements;
  * Reviewed the directory tree structure;
  * Split lib/common.py: inband injection functionalities now are
    moved to lib/union.py;
  * Updated documentation files.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Fri, 15 Jun 2007 20:00:00 +0100

sqlmap (0.3-1) stable; urgency=low

  * Added module for MS SQL Server;
  * Strongly improved MySQL dbms active fingerprint and added MySQL
    comment injection check;
  * Added PostgreSQL dbms active fingerprint;
  * Added support for string match (--string);
  * Added support for UNION check (--union-check);
  * Removed duplicated code, delegated most of features to the engine
    in common.py and option.py;
  * Added support for --data command line argument to pass the string
    for POST requests;
  * Added encodeParams() method to encode url parameters before making
    http request;
  * Many bug fixes;
  * Rewritten documentation files;
  * Complete code restyling.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Sat, 20 Jan 2007 20:00:00 +0100

sqlmap (0.2-1) stable; urgency=low

  * complete refactor of entire program;
  * added TODO and THANKS files;
  * added some paper references in README file;
  * moved headers to user-agents.txt, now -f parameter specifies a file
    (user-agents.txt) and randomizes the selection of User-Agent header;
  * strongly improved program plugins (mysqlmap.py and postgres.py),
    major enhancements:
    * improved active mysql fingerprint check_dbms();
    * improved enumeration functions for both databases;
    * minor changes in the unescape() functions;
  * replaced old inference algorithm with a new bisection algorithm;
  * reviewed command line parameters, now with -p it's possible to
    specify the parameter you know is vulnerable to sql injection,
    this way the script won't perform the sql injection checks itself;
    removed the TOKEN parameter;
  * improved Common class, adding support for http proxy and http post
    method in hash_page;
  * added OptionCheck class in option.py which performs all needed checks
    on command line parameters and values;
  * added InjectionCheck class in injection.py which performs check on
    url stability, dynamics of parameters and injection on dynamic url
    parameters;
  * improved output methods in dump.py;
  * layout enhancement on main program file (sqlmap.py), adapted to call
    new option/injection classes and improvements on catching of
    exceptions.

 -- Bernardo Damele A. G. <bernardo@sqlmap.org>  Wed, 13 Dec 2006 20:00:00 +0100