Tuesday 28 July 2009 (Keywords: Configurations checks, Database, Penetration testing & Ethical Hacking, SQLmap, Vulnerability Scanner)
SQLmap is an automatic SQL injection tool developed entirely in Python. It can perform extensive back-end database management system fingerprinting, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Changelog for this release:
Adapted Metasploit wrapping functions to work with the latest 3.3 development version too.
Adjusted code to make sqlmap 0.7 work again on Mac OSX too.
Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows, because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This makes sqlmap 0.7 work again on Windows too.
Minor improvement so that sqlmap also tests all parameters with no value (e.g. par=).
HTTPS requests over HTTP proxy now work on Python 2.4, 2.5 and 2.6+.
Thanks to Maximiliano Soler for the notification.
POSTSCRIPTUM
COMPLIANCE MANDATES
Penetration testing & Ethical Hacking : PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2