|
1 | 1 | sqlmap (0.9-1) stable; urgency=low |
2 | 2 |
|
| 3 | + * Rewritten SQL injection detection engine (Bernardo and Miroslav). |
3 | 4 | * Support to directly connect to the database without passing via a |
4 | 5 | SQL injection, -d switch (Bernardo and Miroslav). |
| 6 | + * Added full support for both time-based blind SQL injection and |
| 7 | + error-based SQL injection techniques (Bernardo and Miroslav). |
5 | 8 | * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). |
6 | | - * Initial support for Firebird, Sybase and SAP MaxDB (Miroslav). |
| 9 | + * Implemented support for Firebird (Bernardo and Miroslav). |
| 10 | + * Implemented support for Microsoft Access, Sybase and SAP MaxDB |
| 11 | + (Miroslav). |
7 | 12 | * Extended old '--dump -C' functionality to be able to search for |
8 | 13 | specific database(s), table(s) and column(s), --search switch |
9 | 14 | (Bernardo). |
10 | 15 | * Added support to tamper injection data with --tamper switch (Bernardo |
11 | 16 | and Miroslav). |
| 17 | + * Added automatic recognition of password hashes format and support to |
| 18 | + crack them with a dictionary-based attack (Miroslav). |
12 | 19 | * Added support to enumerate roles on Oracle, --roles switch (Bernardo). |
13 | 20 | * Added support for SOAP based web services requests (Bernardo). |
14 | 21 | * Added support to fetch unicode data (Bernardo and Miroslav). |
15 | 22 | * Added support to use persistent HTTP(s) connection for speed |
16 | 23 | improvement, --keep-alive switch (Miroslav). |
17 | | - * Implemented HTTP proxy authentication support, --proxy-cred switch |
| 24 | + * Support to test and inject against HTTP Referer header (Miroslav). |
| 25 | + * Implemented HTTP(s) proxy authentication support, --proxy-cred switch |
18 | 26 | (Miroslav). |
19 | 27 | * Implemented feature to speedup the enumeration of table names |
20 | 28 | (Miroslav). |
21 | | - * Support for customizable HTTP redirections (Bernardo). |
| 29 | + * Support for customizable HTTP(s) redirections (Bernardo). |
22 | 30 | * Support to replicate the back-end DBMS tables structure and entries |
23 | 31 | in a local SQLite 3 database, --replicate switch (Miroslav). |
24 | 32 | * Support to parse and test forms on target url, --forms switch |
25 | | - (Miroslav). |
26 | | - * Added switches to brute-force table names with a dictionary attack, |
27 | | - --common-exists and --exists. Useful for instance when system table |
28 | | - 'information_schema' is not available on MySQL (Miroslav). |
| 33 | + (Bernardo and Miroslav). |
| 34 | + * Added switches to brute-force tables names and columns names with a |
| 35 | + dictionary attack, --common-tables and --common-columns. Useful for |
| 36 | + instance when system table 'information_schema' is not available on |
| 37 | + MySQL (Miroslav). |
29 | 38 | * Basic support for REST-style URL parameters by using the asterisk (*) |
30 | 39 | to mark where to test for and exploit SQL injection (Miroslav). |
31 | 40 | * Added safe URL feature, --safe-url and --safe-freq (Miroslav). |
32 | | - * Added --text-only switch to strip from the HTTP body the HTML/JS code |
33 | | - and compare pages based only on their textual content (Miroslav). |
34 | | - * Several bugs fixed (Bernardo and Miroslav). |
| 41 | + * Added --text-only switch to strip from the HTTP response body the |
| 42 | + HTML/JS code and compare pages based only on their textual content |
| 43 | + (Miroslav). |
| 44 | + * Over 100 bugs fixed (Bernardo and Miroslav). |
35 | 45 | * Major code refactoring (Bernardo and Miroslav). |
36 | 46 | * User's manual updated (Bernardo). |
37 | 47 |
|
|
0 commit comments