SQLMap 0.7rc1 available

sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Changelog for this release :

  • Added support to execute arbitrary commands on the database server
    underlying operating system either returning the standard output or
    not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell()
    stored procedure on Microsoft SQL Server;
  • Added support for out-of-band connection between the attacker box
    and the database server underlying operating system via stand-alone
    payload stager created by Metasploit and supporting Meterpreter, shell
    and VNC payloads for both Windows and Linux;
  • Added support for out-of-band connection via Microsoft SQL Server
    2000 and 2005 ’sp_replwritetovarbin’ stored procedure heap-based
    buffer overflow (MS09-004) exploitation with multi-stage Metasploit
    payload support;
  • Added support for out-of-band connection via SMB reflection attack
    with UNC path request from the database server to the attacker box by
    using the Metasploit smb_relay exploit;
  • Added support to read and write (upload) both text and binary files
    on the database server underlying file system for MySQL, PostgreSQL
    and Microsoft SQL Server;
  • Added database process’ user privilege escalation via Windows Access
    Tokens kidnapping on MySQL and Microsoft SQL Server via either
    Meterpreter’s incognito extension or Churrasco stand-alone executable.