SQLMap v0.8 released

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

New features :

  • Support to enumerate and dump all databases’ tables containing user
    provided column(s) by specifying for instance ’—dump -C user,pass’.
    Useful to identify for instance tables containing custom application
    credentials (Bernardo).
  • Support to parse -C (column name(s)) when fetching columns of a
    table with —columns: it will enumerate only columns like the provided
    one(s) within the specified table (Bernardo).
PNG - 43.6 kb
  • Support for takeover features on PostgreSQL 8.4 (Bernardo).
  • Enhanced —priv-esc to rely on new Metasploit Meterpreter’s
    ’getsystem’ command to elevate privileges of the user running the
    back-end DBMS instance to SYSTEM on Windows (Bernardo).
  • Automatic support in —os-pwn to use the web uploader/backdoor to
    upload and execute the Metasploit payload stager when stacked queries
    SQL injection is not supported, for instance on MySQL/PHP and
    MySQL/ASP, but there is a writable folder within the web server
    document root (Bernardo and Miroslav).
  • Added support for regular expression based scope when parsing Burp
    or Web Scarab proxy log file (-l), —scope (Miroslav).
  • Major bug fix and enhancements to the multi-threading (—threads)
    functionality (Miroslav).

Complete list of changes at
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog.

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Configurations checks
Database
Penetration testing & Ethical Hacking
SQLmap
Vulnerability Scanner