[sqlmap-users] sqlmap 0.8 released
Brought to you by:
inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2010-03-15 03:10:55
|
Hi, I am glad to release sqlmap version 0.8. Changes ======= Some of the new features include: * Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance '--dump -C user,pass'. Useful to identify for instance tables containing custom application credentials (Bernardo). * Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo). * Support for takeover features on PostgreSQL 8.4 (Bernardo). * Enhanced --priv-esc to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo). * Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav). * Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), --scope (Miroslav). Complete list of changes at https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog. Download ======== You can download it in various formats: * Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.gz * Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.tar.bz2 * Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8.zip * DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.8-1_all.deb * RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8-1.noarch.rpm * Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.8_exe.zip Documentation ============= * sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf * Conferences' material (whitepaper and slides): http://sqlmap.sourceforge.net/#docs Contribute ========== I am looking for security geeks who can write some "clean" Python code, know about web application security, database takeover, post-exploitation techniques, software refactoring and are motivated to join the development team. If you are interested, please get back to me (ber...@gm...). If you have no clue what the tool is about, are excited about joining the effort, but has never written a single line of code or you want only to appear in the AUTHORS file, please don't waste my and your time. Happy hacking! Bernardo and Miroslav -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |