Release Notes: This release features a totally rewritten and powerful SQL injection detection engine, the ability to connect directly to a database server, support for time-based blind SQL injection and error-based SQL injection, support for four new database management systems, and much more.
Release Notes: Support was added for enumerating and dumping all databases' tables containing user-provided column(s). This can be useful to identify, for instance, tables containing custom application credentials. --priv-esc was enhanced to rely on the new Metasploit Meterpreter "getsystem" command to elevate the privileges of the user running the back-end DBMS instance to SYSTEM on Windows. Much more was done.
Release Notes: Metasploit wrapping functions were adapted to work with the latest 3.3 development version as well. The code was adjusted to make sqlmap 0.7 work on Mac OS X again. The takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) are reset when running under Windows, because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This makes sqlmap 0.7 work on Windows again. A minor improvement was made so that sqlmap also tests parameters that have no value. Many bugs were fixed.
Release Notes: A major enhancement was implemented to make the comparison algorithm work properly on URLs whose responses are not stable, by using the difflib SequenceMatcher object. A major enhancement was made to support user-supplied SQL data definition statements, SQL data manipulation statements, et cetera in the SQL query and SQL shell features, provided stacked queries are supported by the web application technology. A major speed increase was made in the basic DBMS fingerprint.
Release Notes: A major bugfix was made to the blind SQL injection bisection algorithm to handle an exception. A Metasploit Framework 3 auxiliary module was added to run sqlmap. Support for testing for and injecting into LIKE statements was also implemented.
Release Notes: This release adds multi-threading support to set the maximum number of concurrent HTTP requests. It implements SQL shell (--sql-shell) functionality, and fixes SQL query (--sql-query, previously called -e) to be able to run any SELECT statement and get its output in both inband and blind SQL injection attacks. An option (--privileges) to retrieve DBMS user privileges has been added. It also notifies whether the user is a DBMS administrator. Support (-c) has been added to read options from a configuration file. An example of a valid INI file is sqlmap.conf. Support (--save) has been added to save command line options in a configuration file.
Release Notes: This release adds support for Oracle, extends inband SQL injection functionality (--union-use) to all possible queries, adds support to extract a database user's password hash on Microsoft SQL Server, adds a fuzzer function with the aim of parsing HTML pages for standard database error messages (consequently improving database fingerprinting), adds support for SQL injection in the HTTP Cookie and User-Agent headers, and includes many other changes.
Release Notes: A DBMS fingerprinting method based upon HTML error message parsing was added. This method is defined in lib/parser.py and reads an XML file defining the default error messages for each supported DBMS. Extensive DBMS fingerprint checks for Microsoft SQL Server were added, based upon accurate "@@version" parsing and matching against an XML file to get the exact patch level of the DBMS. Support for real-time calculation of the query ETA (estimated time of arrival) was added. Support was added for extracting the password hash of database management system users on MySQL and PostgreSQL.
Release Notes: This release adds a PostgreSQL DBMS active fingerprint, a strongly improved MySQL DBMS active fingerprint and a MySQL comment injection check, an encodeParams() method to encode URL parameters before making an HTTP request, many bugfixes, a module for MS SQL Server, rewritten documentation files, and support for a --data command-line argument (to pass the string for POST requests), for a UNION check (--union-check), and for string matching (--string). It delegates most features to the engine in common.py and option.py and removes duplicated code.
Release Notes: The entire program was completely refactored. TODO and THANKS files were added. Some references to papers were added in the README file. Headers were moved to user-agents.txt, so the -f parameter now specifies a file (user-agents.txt) and randomizes the selection of the User-Agent header. Program plugins (mysqlmap.py and postgres.py) were strongly improved. The active MySQL fingerprint check_dbms() was improved. Enumeration functions were improved for both databases. Minor changes were made in the unescape() functions. The old inference algorithm was replaced with a new bisection algorithm.