SQLmap version 0.7 in the wild

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Changelog for this release :

  • Adapted Metasploit wrapping functions to work with latest 3.3
    development version too.
  • Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
  • Reset takeover OOB features (if any of —os-pwn, —os-smbrelay or
    — os-bof is selected) when running under Windows because msfconsole
    and msfcli are not supported on the native Windows Ruby interpreter.
    This make sqlmap 0.7 to work again on Windows too.
  • Minor improvement so that sqlmap tests also all parameters with no
    value (eg. par=).
  • HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.

Thanks to Maximiliano Soler for the notification

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Configurations checks
Database
Penetration testing & Ethical Hacking
SQLmap
Vulnerability Scanner