New Features/Changes
- Rewritten SQL injection detection engine (Bernardo and Miroslav).
- Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
- Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
- Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
- Implemented support for Firebird (Bernardo and Miroslav).
- Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
- Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
- Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
- Added support to fetch unicode data (Bernardo and Miroslav).
- Added support to use persistent HTTP(s) connection for speed improvement, alive switch (Miroslav).
- Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
- Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
- Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.
You can also download the user manual here [PDF] – sqlmap README
You can download sqlmap 0.9 here:
sqlmap-0.9.tar.gz
Or read more here.
Post a Comment