From 676bae5302ff2478e389aad10e431cf637d0d337 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 16 Jul 2012 22:56:00 +0100 Subject: [PATCH] minor update --- Features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Features.md b/Features.md index 3c29d8a..90a0d4a 100644 --- a/Features.md +++ b/Features.md @@ -4,7 +4,7 @@ Features implemented in sqlmap include: ## Generic features -* Full support for **MySQL**, **Oracle**, **PostgreSQL**, **Microsoft SQL Server**, **Microsoft Access**, **SQLite**, **Firebird**, **Sybase** and **SAP MaxDB** database management systems. +* Full support for **MySQL**, **Oracle**, **PostgreSQL**, **Microsoft SQL Server**, **Microsoft Access**, **IBM DB2**, **SQLite**, **Firebird**, **Sybase** and **SAP MaxDB** database management systems. * Full support for five SQL injection techniques: **boolean-based blind**, **time-based blind**, **error-based**, **UNION query** and **stacked queries**. * Support to **directly connect to the database** without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name. * It is possible to provide a single target URL, get the list of targets from [Burp proxy](http://portswigger.net/suite/) or [WebScarab proxy](http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) requests log files, get the whole HTTP request from a text file or get the list of targets by providing sqlmap with a Google dork which queries [Google](http://www.google.com) search engine and parses its results page. You can also define a regular-expression based scope that is used to identify which of the parsed addresses to test. 
@@ -34,7 +34,7 @@ Features implemented in sqlmap include: [functions output comparison](http://bernardodamele.blogspot.com/2007/07/more-on-database-management-system.html) and [specific features](http://bernardodamele.blogspot.com/2007/07/more-on-database-management-system.html) such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it. * Basic web server software and web application technology fingerprint. * Support to retrieve the DBMS **banner**, **session user** and **current database** information. The tool can also check if the session user is a **database administrator** (DBA). -* Support to enumerate **database users**, **users' password hashes**, **users' privileges**, **users' roles**, **databases**, **tables** and **columns**. +* Support to enumerate **users, password hashes, privileges, roles, databases, tables and columns**. * Automatic recognition of password hashes format and support to **crack them with a dictionary-based attack**. * Support to **brute-force tables and columns name**. This is useful when the session user has no read access over the system table containing schema information or when the database management system does not store this information anywhere (e.g. MySQL < 5.0).
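Review bot: in the first hunk (`@@ -4,7 +4,7 @@`), the added bullet places **IBM DB2** under "Full support", but the diffstat shows only Features.md changing and the subject is just "minor update", so nothing in the patch records what the claim rests on. Suggest a subject that names the change, for example "Features: add IBM DB2 to supported DBMS list". If any of the five injection techniques in the following bullet, or any enumeration feature further down, is not yet available for DB2, list it separately as partial support instead of adding it to the "Full support" sentence.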
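Review bot: in the second hunk (`@@ -34,7 +34,7 @@`), the rewritten enumeration bullet wraps the whole list in a single bold run, while the neighbouring bullets bold each term on its own (`**banner**, **session user** and **current database**`), so the emphasis style in this file becomes inconsistent. The rewrite also drops "database" from "database users" and the possessive "users'" from password hashes, privileges and roles, which makes it less clear that these belong to DBMS accounts. Suggest keeping per-term bolding and shortening only the wording, for example `**users**, **password hashes**, **privileges**, **roles**, **databases**, **tables** and **columns**`.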