We had updated you all about the latest release candidate of sqlmap being made available for download by the authors here.
Now, the stable version of sqlmap has been released by Bernardo Damele, the author. The changelog of this version, reads the folloing entries:
* Adapted Metasploit wrapping functions to work with latest 3.3
development version too.
* Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
* Reset takeover OOB features (if any of –os-pwn, –os-smbrelay or
–os-bof is selected) when running under Windows because msfconsole
and msfcli are not supported on the native Windows Ruby interpreter.
This make sqlmap 0.7 to work again on Windows too.
* Minor improvement so that sqlmap tests also all parameters with no
value (eg. par=).
* HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and
2.6+.
* Major bug fix to sql-query/sql-shell features.
* Major bug fix in –read-file option.
* Major silent bug fix to multi-threading functionality.
* Fixed the web backdoor functionality (for MySQL) when (usually) stacked
queries are not supported and –os-shell is provided.
* Fixed MySQL ‘comment injection’ version fingerprint.
* Fixed basic Microsoft SQL Server 2000 fingerprint.
* Many minor bug fixes and code refactoring.
We all know, that sqlmap is an open source command-line automatic SQL injection tool. It aims at to detecting and taking advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, you can then choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run your own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between your box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Exciting isn’t it? It is cross platform. It can work on both – *NIX & Win32. Download it here. If you are interested in knowing more about this tool, you can read the sqlmap user’s manual in HTML or in PDF.
Related External Links
??????? sqlmap for Windows, sqlmap-0 7 howto
You must log in to post a comment.