Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Sqlmap 0.9

  • 15-04-2011 5:29am
    #1
    Registered Users, Registered Users 2 Posts: 367 ✭✭


    http://sqlmap.sourceforge.net/

    I've only had a quick test, But I'd be interested in details of the new features.
    sqlmap (0.9-1) stable; urgency=low

    * Rewritten SQL injection detection engine (Bernardo and Miroslav).
    * Support to directly connect to the database without passing via a
    SQL injection, -d switch (Bernardo and Miroslav).
    * Added full support for both time-based blind SQL injection and
    error-based SQL injection techniques (Bernardo and Miroslav).
    * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
    * Implemented support for Firebird (Bernardo and Miroslav).
    * Implemented support for Microsoft Access, Sybase and SAP MaxDB
    (Miroslav).
    * Extended old '--dump -C' functionality to be able to search for
    specific database(s), table(s) and column(s), --search switch
    (Bernardo).
    * Added support to tamper injection data with --tamper switch (Bernardo
    and Miroslav).
    * Added automatic recognition of password hashes format and support to
    crack them with a dictionary-based attack (Miroslav).
    * Added support to enumerate roles on Oracle, --roles switch (Bernardo).
    * Added support for SOAP based web services requests (Bernardo).
    * Added support to fetch unicode data (Bernardo and Miroslav).
    * Added support to use persistent HTTP(s) connection for speed
    improvement, --keep-alive switch (Miroslav).
    * Implemented several optimization switches to speed up the exploitation
    of SQL injections (Bernardo and Miroslav).
    * Support to test and inject against HTTP Referer header (Miroslav).
    * Implemented HTTP(s) proxy authentication support, --proxy-cred switch
    (Miroslav).
    * Implemented feature to speedup the enumeration of table names
    (Miroslav).
    * Support for customizable HTTP(s) redirections (Bernardo).
    * Support to replicate the back-end DBMS tables structure and entries
    in a local SQLite 3 database, --replicate switch (Miroslav).
    * Support to parse and test forms on target url, --forms switch
    (Bernardo and Miroslav).
    * Added switches to brute-force tables names and columns names with a
    dictionary attack, --common-tables and --common-columns. Useful for
    instance when system table 'information_schema' is not available on
    MySQL (Miroslav).
    * Basic support for REST-style URL parameters by using the asterisk (*)
    to mark where to test for and exploit SQL injection (Miroslav).
    * Added safe URL feature, --safe-url and --safe-freq (Miroslav).
    * Added --text-only switch to strip from the HTTP response body the
    HTML/JS code and compare pages based only on their textual content
    (Miroslav).
    * Implemented few other features and switches (Bernardo and Miroslav).
    * Over 100 bugs fixed (Bernardo and Miroslav).
    * Major code refactoring (Bernardo and Miroslav).
    * User's manual updated (Bernardo).

    -- Bernardo Damele A. G. <bernardo.damele@gmail.com> Sun, 10 Apr 2011 21:00:00 +0000


Comments

  • Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    The use random useragent has changed from:
    ./sqlmap.py -a c:\user_agents_file.txt -u "http://abc.com/a?id=1&quot;

    TO
    ./sqlmap.py --random-agent -u "http://abc.com/a?id=1&quot;

    It's a start..


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    I do love sqlmap.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    If you analyse the http(s) requests between havij and sqlmap, you can see that havij is far more optimized and smart. Has to send far less GET requests to grab the database/table/column details/data. You still see sqlmap doing lots of slow searching and using queries that don't always give the best return of data in a given go.

    Which I guess is hard to believe when a Win32 GUI tool beats a *nix command line tool.. but hey try it yourself!


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    In fairness, SQLmap is just more thorough. Havij is decent, but it is nowhere near as powerful as sqlmap IMO.


  • Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    I think there are advantages and disadvantages with every automated tool.
    Havij is really good with a point and click gui, but sqlmap has many more features.

    But I still haven't found one that is good at filter evasion.

    With havij you can put your evasion injection string into the "Syntax" box.

    I've not even tried this on sqlmap yet.

    Anyone know of any tools that are good at filter evasion besides brain power.


  • Advertisement
Advertisement