Hi, I am glad to release sqlmap version 0.7rc1. WARNING: This release is a candidate, it only works on Linux so please do not complain that it does not work on your Windows or Mac OS X systems. Introduction ============ sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more. Changes ======= Some of the new features include: * Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server; * Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux; * Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support; * Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit; * Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server; * Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable. Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog. Download ======== You can download it in two formats: * Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.tar.gz * Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.zip Documentation ============= * sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf * "Advanced SQL injection to operating system full control" whitepaper[1] and slides[2] presented at Black Hat Europe 2009 in Amsterdam (The Netherlands) on April 16, 2009 [1] http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf [2] http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides Happy hacking! -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +447788962949 (UK), +393493821385 (IT) PGP Key ID: 0x05F5A30F
