SQLMap 0.6.1 released
SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
Changelog
- Major bug fix to blind SQL injection bisection algorithm to handle an exception;
- Added a Metasploit Framework 3 auxiliary module to run sqlmap;
- Implemented possibility to test for and inject also on LIKE statements;
- Implemented —start and —stop options to set the first and the last table entry to dump;
- Added non-interactive/batch-mode (—batch) option to make it easy to wrap sqlmap in Metasploit and any other tool;
- Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes;
- Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries’ order alphabetically anymore;
- Minor bug fix to correctly handle parameters’ value with % character.
Post scriptum
Compliance Mandates
|