We wrote about sqlmap version 0.8 RC 1 being released here. Now, the author Bernardo Damele A. G. has released the FINAL version!
“sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.”
This is the change log for sqlmap version 0.8:
* Support to enumerate and dump all databases’ tables containing user provided column(s) by specifying for instance ‘--dump -C user,pass’. Useful to identify for instance tables containing custom application credentials (Bernardo).
* Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo).
* Support for takeover features on PostgreSQL 8.4 (Bernardo).
* Enhanced --priv-esc to rely on new Metasploit Meterpreter’s ‘getsystem’ command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo).
* Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav).
* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn useful when web application does not support stacked queries (Bernardo).
* Added support to properly read (--read-file) also binary files via PostgreSQL by injecting sqlmap new sys_fileread() user-defined function (Bernardo and Miroslav).
* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
* Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
* Support to automatically decode deflate, gzip and x-gzip HTTP responses (Miroslav).
* Support for Certificate authentication, --auth-cert option added (Miroslav).
* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), --scope (Miroslav).
* Added option (-r) to load a single HTTP request from a text file (Miroslav).
* Added option (--ignore-proxy) to ignore system default HTTP proxy (Miroslav).
* Added support to ignore Set-Cookie in HTTP responses, --drop-set-cookie (Miroslav).
* Added support to specify which Google dork result page to parse, --gpage to be used together with -g (Miroslav).
* Major bug fix and enhancements to the multi-threading (--threads) functionality (Miroslav).
* Fixed URL encoding/decoding of GET/POST parameters and Cookie header (Miroslav).
* Refactored --update to use python-svn third party library if available or ‘svn’ command to update sqlmap to the latest development version from subversion repository (Bernardo and Miroslav).
* Major bugs fixed (Bernardo and Miroslav).
* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo and Miroslav).
* Major code cleanup (Miroslav).
* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware (Miroslav).
* Updated user’s manual (Bernardo and Miroslav).
* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.sourceforge.net/demo.html (Bernardo).
So, you see that the author has gotten a lot of things done with this release. Head over here and download sqlmap version 0.8!

