[New Added] SQLMap V0.5 Automating SQL injection tests

SQLmap is an automatic SQL injection tool developed entirely in Python. It can perform extensive back-end database management system fingerprinting, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

  • Add support for Oracle database management system
  • Add support for extracting database users' password hashes
  • Extend inband SQL injection functionality to all other possible queries
  • Add Microsoft SQL Server database fingerprint
  • Add a fuzzer class that parses the HTML page looking for standard database error messages, consequently improving database fingerprinting
  • Add support for SQL injection on HTTP Cookie and User-Agent headers
  • Add support for real-time calculation of query ETA (Estimated Time of Arrival)
  • Improve Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
  • Improve logging functionality


Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

