Message-ID: <c3b42e3b0812180457n6df25237od53219c9f10d5a45@mail.gmail.com>
Date: Thu, 18 Dec 2008 15:57:31 +0300
From: "Taras Ivashchenko" <naplanetu@...il.com>
To: "Bernardo Damele A. G." <bernardo.damele@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, dailydave@...ts.immunitysec.com,
bugtraq@...urityfocus.com, pen-test@...urityfocus.com,
websecurity@...appsec.org
Subject: Re: [Tool] sqlmap 0.6.3 released

Hello, Bernardo!
Great news! It's one of my favorite hacker's tools :)
Тарас Иващенко (Taras Ivashchenko)
--
"Software is like sex: it's better when it's free.", - Linus Torvalds.
2008/12/18 Bernardo Damele A. G. <bernardo.damele@...il.com>
> Hi,
>
> I am glad to release sqlmap version 0.6.3.
>
> Introduction
> ============
>
> sqlmap is an automatic SQL injection tool developed in Python. Its goal
> is to detect and take advantage of SQL injection vulnerabilities on web
> applications. Once it detects one or more SQL injections on the target
> host, the user can choose among a variety of options to perform an
> extensive back end database management system fingerprint, retrieve DBMS
> session user and database, enumerate users, password hashes, privileges,
> databases, dump entire or user's specific DBMS tables/columns, run his
> own SQL SELECT statement, read specific files on the file system and
> much more.
>
>
> Changes
> =======
>
> Some of the new features include:
>
> * Major enhancement to get list of targets to test from Burp proxy
> (http://portswigger.net/suite/) requests log file path or WebScarab
> proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
> 'conversations/' folder path by providing option -l <filepath>;
> * Major enhancement to support Partial UNION query SQL injection
> technique too;
> * Major enhancement to test if the web application technology supports
> stacked queries (multiple statements) by providing option --stacked-test
> which will be then used someday also by takeover functionality;
> * Major enhancement to test if the injectable parameter is affected by a
> time based blind SQL injection technique by providing option --time-test;
> * Major bug fix to correctly enumerate columns on Microsoft SQL Server;
> * Major bug fix so that when the user provides a SELECT statement to be
> processed with an asterisk as columns, it now also works if there is
> no database name specified in the FROM;
>
>
> Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.
>
>
> Download
> ========
>
> You can download it in various formats:
>
> * Source gzip compressed,
> http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3.tar.gz
>
> * Source bzip2 compressed,
> http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3.tar.bz2
>
> * Source zip compressed,
> http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3.zip
>
> * DEB binary package,
> http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.3-1_all.deb
>
> * RPM binary package,
> http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3-1.noarch.rpm
>
> * Portable executable for Windows that does not require the Python
> interpreter to be installed on the operating system,
> http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.3_exe.zip
>
>
> Documentation
> =============
>
> * sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
>
> * sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/
>
>
> Happy hacking!
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
> PGP Key ID: 0x05F5A30F