sqlmap

File Release Notes and Changelog

Release Name: 0.6.4

Notes:


Changes:
* Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object.
* Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology.
* Major speed increase in DBMS basic fingerprint.
* Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator.
* Minor enhancement to support an option (--union-tech) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing.
* Added internal support to forge CASE statements, used only by --is-dba query at the moment.
* Minor layout adjustment to the --update output;
* Increased default timeout to 30 seconds;
* Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle.
* Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable.
* Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server.
* Minor bug fix to make the --postfix work even if --prefix is not provided.
* Updated documentation.