
Commit 8c0ac76

Updated to sqlmap 0.7 release candidate 1
1 parent b997df7 commit 8c0ac76

129 files changed

Lines changed: 8370 additions & 1372 deletions

File tree


doc/AUTHORS

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,3 @@
1-
Bernardo Damele A. G. (inquis) - project leader, core developer
1+
Bernardo Damele A. G. (inquis) - Lead developer
22
<bernardo.damele@gmail.com>
3-
PGP Key ID: 0x05F5A30F
4-
5-
Daniele Bellucci (belch) - project founder, initial developer
6-
<daniele.bellucci@gmail.com>
7-
PGP Key ID: 0x9A0E8190
3+
PGP Key ID: 0x05F5A30F
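Review bot: the retained contact line `PGP Key ID: 0x05F5A30F` is a 32-bit short key ID, which is cheap to collide; publish the full 40-hex-digit fingerprint here instead so readers can verify the key that signs releases. Dropping the `Daniele Bellucci (belch) - project founder, initial developer` entry outright also leaves AUTHORS with no record of where the project came from; a one-line founder pointer (his credit moves to THANKS in this same commit) would keep that history discoverable from the file people actually read.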

doc/ChangeLog

Lines changed: 27 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,34 @@
1-
sqlmap (0.6.5-1) stable; urgency=low
1+
sqlmap (0.7rc1-1) stable; urgency=low
22

3+
* Added support to execute arbitrary commands on the database server
4+
underlying operating system either returning the standard output or not
5+
via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored
6+
procedure on Microsoft SQL Server;
7+
* Added support for out-of-band connection between the attacker box and
8+
the database server underlying operating system via stand-alone payload
9+
stager created by Metasploit and supporting Meterpreter, shell and VNC
10+
payloads for both Windows and Linux;
11+
* Added support for out-of-band connection via Microsoft SQL Server 2000
12+
and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer
13+
overflow (MS09-004) exploitation with multi-stage Metasploit payload
14+
support;
15+
* Added support for out-of-band connection via SMB reflection attack with
16+
UNC path request from the database server to the attacker box by using
17+
the Metasploit smb_relay exploit;
18+
* Added support to read and write (upload) both text and binary files on
19+
the database server underlying file system for MySQL, PostgreSQL and
20+
Microsoft SQL Server;
21+
* Added database process' user privilege escalation via Windows Access
22+
Tokens kidnapping on MySQL and Microsoft SQL Server via either
23+
Meterpreter's incognito extension or Churrasco stand-alone executable;
24+
* Speed up the inference algorithm by providing the minimum required
25+
charset for the query output;
326
* Major bug fix in the comparison algorithm to correctly handle also the
427
case that the url is stable and the False response changes the page
5-
content very little.
28+
content very little;
29+
* Many minor bug fixes, minor enhancements and layout adjustments.
630

7-
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Day, DD MMM 2009 HH:MM:SS +0000
31+
-- Bernardo Damele A. G. <bernardo.damele@gmail.com> Wed, 22 Apr 2009 10:30:00 +0000
832

933
sqlmap (0.6.4-1) stable; urgency=low
1034

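Review bot: the new header `sqlmap (0.7rc1-1) stable; urgency=low` will sort newer than the eventual `0.7-1` under dpkg version comparison (end-of-string sorts before a letter, so `0.7` < `0.7rc1`), which means the final release would be treated as a downgrade; use `0.7~rc1-1` (tilde sorts before anything) if this changelog is meant to drive a package, and target `unstable` or `experimental` rather than `stable` for a release candidate. The entries for OS command execution, file read/write and the out-of-band connection also state none of the database privileges they require (for example `FILE` on MySQL, superuser on PostgreSQL, `sysadmin` for `xp_cmdshell`/`sp_replwritetovarbin`); one clause per entry would stop users filing "feature does not work" reports when they inject as an unprivileged account.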
doc/README.html

Lines changed: 276 additions & 180 deletions
Large diffs are not rendered by default.

doc/README.pdf

17.5 KB
Binary file not shown.

doc/README.sgml

Lines changed: 272 additions & 167 deletions
Large diffs are not rendered by default.

doc/THANKS

Lines changed: 64 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,20 @@ Chip Andrews <chip@sqlsecurity.com>
55
at SQLSecurity.com and permission to implement the update feature
66
taking data from his site
77

8+
Daniele Bellucci <daniele.bellucci@gmail.com>
9+
for starting sqlmap project and developing it between July and August
10+
2006
11+
812
Jack Butler <fattredd@hotmail.com>
913
for providing me with the sqlmap site favicon
1014

15+
Cesar Cerrudo <cesar@argeniss.com>
16+
for his Windows access token kidnapping tool Churrasco included in
17+
sqlmap tree as a contrib library and used to run the stand-alone
18+
payload stager on the target Windows machine as SYSTEM user if the
19+
user wants to perform a privilege escalation attack,
20+
http://www.argeniss.com/research/Churrasco.zip
21+
1122
Karl Chen <quarl@cs.berkeley.edu>
1223
for providing with the multithreading patch for the inference
1324
algorithm
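Review bot: the Cesar Cerrudo entry says Churrasco is `included in sqlmap tree as a contrib library` and points at `http://www.argeniss.com/research/Churrasco.zip`, but nothing records which version or checksum of that executable was vendored, or the licence it is redistributed under; add those to the contrib directory (or to this entry) so a reviewer can match the checked-in binary against upstream. Since this is a prebuilt Windows token-kidnapping tool, it is also worth documenting that endpoint AV on the target, and on the operator's own machine, will flag it.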
@@ -19,6 +30,11 @@ Pierre Chifflier <pollux@debian.org>
1930
Stefano Di Paola <stefano.dipaola@wisec.it>
2031
for suggesting good features
2132

33+
Dan Guido <dguido@gmail.com>
34+
for promoting sqlmap in the context of the Penetration Testing and
35+
Vulnerability Analysis class at the Polytechnic University of New York,
36+
http://isisblogs.poly.edu/courses/pentest/
37+
2238
Adam Faheem <faheem.adam@is.co.za>
2339
for reporting a few bugs
2440

@@ -33,6 +49,9 @@ Giorgio Fedon <giorgio.fedon@gmail.com>
3349
for suggesting a speed improvement for bisection algorithm
3450
for reporting a bug when running against Microsoft SQL Server 2005
3551

52+
Alan Franzoni <alan.franzoni@gmail.com>
53+
for helping me out with Python subprocess library
54+
3655
Ivan Giacomelli <truemilk@insiberia.net>
3756
for reporting a bug
3857
for suggesting a minor enhancement
@@ -59,11 +78,20 @@ Anant Kochhar <anant.kochhar@secureyes.net>
5978
for providing me with feedback on the user's manual
6079

6180
Alexander Kornbrust <ak@red-database-security.com>
62-
for reporting a bug
81+
for reporting a couple of bugs
82+
83+
Guido Landi <lists@keamera.org>
84+
for the great technical discussions
85+
for Microsoft SQL Server 2000 and Microsoft SQL Server 2005
86+
'sp_replwritetovarbin' stored procedure heap-based buffer overflow
87+
(MS09-004) exploit development, http://www.milw0rm.com/author/1413
6388

6489
Nico Leidecker <nico@leidecker.info>
6590
for providing me with feedback on a few features
6691

92+
Gabriel Lima <pato@bugnet.com.br>
93+
for reporting a bug
94+
6795
Pavol Luptak <pavol.luptak@nethemba.com>
6896
for reporting a bug when injecting on a POST data parameter
6997

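Review bot: the Guido Landi entry cites `http://www.milw0rm.com/author/1413`, an author index rather than the MS09-004 exploit itself; link the specific exploit entry (and keep the `MS09-004` identifier as the stable reference) so the credit still resolves if that site is reorganised.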
@@ -73,7 +101,7 @@ Michael Majchrowicz <mmajchrowicz@gmail.com>
73101
for suggesting a lot of ideas and features
74102

75103
Ferruh Mavituna <ferruh@mavituna.com>
76-
for providing me with ideas on the implementation on a couple of
104+
for providing me with ideas on the implementation of a couple of
77105
new features
78106

79107
Enrico Milanese <enricomilanese@gmail.com>
@@ -83,6 +111,14 @@ Enrico Milanese <enricomilanese@gmail.com>
83111
Roberto Nemirovsky <roberto.paes@gmail.com>
84112
for pointing me out some enhancements
85113

114+
Markus Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>
115+
Laszlo Molnar <ml1050@cdata.tvnet.hu>
116+
John F. Reiser <sales@bitwagon.com>
117+
for their great tool UPX (Ultimate Packer for eXecutables) included
118+
in sqlmap tree as a contrib library and used mainly to pack the
119+
Metasploit Framework 3 payload stager portable executable,
120+
http://upx.sourceforge.net
121+
86122
Antonio Parata <s4tan@ictsc.it>
87123
for providing me with some ideas for the PHP backdoor
88124

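Review bot: the UPX entry credits the tool but says nothing about the terms for redistributing it `in sqlmap tree as a contrib library`; UPX is GPL-licensed (with an exception covering the stub embedded in packed programs), so its LICENSE text should be committed next to the contrib copy. It would also help to say in the same place that packing the `Metasploit Framework 3 payload stager` only shrinks it: UPX-packed PEs are a common AV heuristic, so operators should not expect the packing to reduce detection on the target.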
@@ -123,7 +159,7 @@ Uemit Seren <uemit.seren@gmail.com>
123159
for reporting a minor adjustment when running with python 2.6
124160

125161
Sumit Siddharth <sid@notsosecure.com>
126-
for providing me with ideas on the implementation on a couple of
162+
for providing me with ideas on the implementation of a couple of
127163
features
128164

129165
M Simkin <mlsimkin@cox.net>
@@ -133,6 +169,9 @@ Konrads Smelkovs <konrads@smelkovs.com>
133169
for reporting a few bugs in --sql-shell and --sql-query on Microsoft
134170
SQL Server
135171

172+
Marek Stiefenhofer <m.stiefenhofer@r-tec.net>
173+
for reporting a bug
174+
136175
Jason Swan <jasoneswan@gmail.com>
137176
for reporting a bug when enumerating columns on Microsoft SQL Server
138177
for suggesting a couple of improvements
@@ -142,10 +181,13 @@ Alessandro Tanasi <alessandro@tanasi.it>
142181
for suggesting many features and reporting some bugs
143182
for reviewing the documentation
144183

184+
Andres Tarasco <atarasco@gmail.com>
185+
for providing me with good feedback
186+
145187
Efrain Torres <et@metasploit.com>
146188
for helping me out to improve the Metasploit Framework 3 sqlmap
147189
auxiliary module and for commiting it on the Metasploit official
148-
Subversion repository
190+
subversion repository
149191
for his great Metasploit WMAP Framework
150192

151193
Sandro Tosi <matrixhasu@gmail.com>
@@ -160,6 +202,11 @@ Bedirhan Urgun <bedirhanurgun@gmail.com>
160202
Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com>
161203
for reporting an unhandled connection exception
162204

205+
Anthony Zboralski <anthony.zboralski@bellua.com>
206+
for providing me with detailed feedback
207+
for reporting a few minor bugs
208+
for donating to sqlmap development
209+
163210
fufuh <fufuh@users.sourceforge.net>
164211
for reporting a bug when running on Windows
165212

@@ -172,6 +219,19 @@ Sylphid <sylphid.su@sti.com.tw>
172219

173220
== Organizations ==
174221

222+
Black Hat team <info@blackhat.com>
223+
for the opportunity to present my research on 'Advanced SQL injection
224+
to operating system full control' at Black Hat Europe 2009 Briefings on
225+
April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of
226+
the sqlmap 0.7 release candidate version new features during my
227+
presentation
228+
229+
Metasploit LLC <msfdev@metasploit.com>
230+
for their powerful tool Metasploit Framework 3, used by sqlmap, among
231+
others things, to create the payload stager and establish an
232+
out-of-band connection between sqlmap and the database server,
233+
http://www.metasploit.com/framework
234+
175235
OWASP Board <http://www.owasp.org>
176236
for sponsoring part of the sqlmap development in the context of OWASP
177237
Spring of Code 2007
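Review bot: the added Metasploit LLC line `for their powerful tool Metasploit Framework 3, used by sqlmap, among` continues with `others things, to create the payload stager`; "others things" should read "other things". In the Black Hat entry, "Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL)" is fine, but the talk title could carry a link to the slides or paper so the reference is checkable.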
