SQLMap 0.6.1 released

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Changelog

  • Major bug fix to blind SQL injection bisection algorithm to handle an exception;
  • Added a Metasploit Framework 3 auxiliary module to run sqlmap;
  • Implemented possibility to test for and inject also on LIKE statements;
  • Implemented —start and —stop options to set the first and the last table entry to dump;
  • Added non-interactive/batch-mode (—batch) option to make it easy to wrap sqlmap in Metasploit and any other tool;
  • Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes;
  • Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries’ order alphabetically anymore;
  • Minor bug fix to correctly handle parameters’ value with % character.

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Application Scanner
Configurations checks
Database
SQLmap
Vulnerability Scanner