Download List

Project Description

sqlmap is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a detection engine, many niche features, and a broad range of switches including database fingerprinting, data fetching from the database, and accessing the underlying file system and executing commands on the operating system via out-of-band connections.

System Requirements

System requirements are not defined.

Information regarding Project Releases and Project Resources. Note that the information here is quoted from the Freecode.com page, and the downloads themselves may not be hosted on OSDN.

2008-09-02 02:36
0.6

Tags: Major feature enhancements
This release adds multi-threading support to set the maximum number of concurrent HTTP requests. It implements SQL shell (--sql-shell) functionality, and fixes SQL query (--sql-query, previously called -e) to be able to run any SELECT statement and get its output in both inband and blind SQL injection attacks. An option (--privileges) to retrieve DBMS user privileges has been added. It also notifies whether the user is a DBMS administrator. Support (-c) has been added to read options from a configuration file. An example of a valid INI file is sqlmap.conf. Support (--save) has been added to save command line options in a configuration file.

2007-11-06 23:19
0.5

Tags: Major bugfixes
This release adds support for Oracle, extends inband SQL injection functionality (--union-use) to all possible queries, adds support to extract a database user's password hash on Microsoft SQL Server, adds a fuzzer function with the aim to parse HTML pages looking for standard database error messages (consequently improving database fingerprinting), adds support for SQL injection on HTTP Cookie and User-Agent headers, and has many other changes.

2007-06-15 12:30
0.4

Tags: Major feature enhancements
A DBMS fingerprinting method based upon HTML error messages parsing was added. This method is defined in lib/parser.py and reads an XML file defining default error messages for each supported DBMS. Extensive DBMS fingerprint checks for Microsoft SQL Server were added, based upon accurate "@@version" parsing and matching on an XML file to get the exact patching level of the DBMS. Support for real time calculation of query ETA (estimated time of arrival) was added. Support was added for extracting a password hash for database management system users on MySQL and PostgreSQL.

2007-01-20 19:02
0.3

Tags: Major feature enhancements
This release adds a PostgreSQL DBMS active fingerprint, a strongly-improved MySQL DBMS active fingerprint and a MySQL comment injection check, an encodeParams() method to encode URL parameters before making an HTTP request, many bugfixes, a module for MS SQL Server, rewritten documentation files, and support for a --data command-line argument (to pass the string for POST requests), for UNION check (--union-check), and for string match (--string). It delegates most features to the engine in common.py and option.py and removes duplicated code.

2006-12-15 10:16
0.2

Tags: Initial freshmeat announcement
The entire program was completely refactored. TODO and THANKS files were added. Some references to papers were added in the README file. Headers were moved to user-agents.txt, so now the -f parameter specifies a file (user-agents.txt) and randomizes the selection of the User-Agent header. Program plugins (mysqlmap.py and postgres.py) were strongly improved. Active MySQL fingerprint check_dbms() was improved. Enumeration functions were improved for both databases. Minor changes were made in the unescape() functions. The old inference algorithm was replaced with a new bisection algorithm.
