SpoC 007 - SQLMap - Progress Page

Accomplished objectives as of 30th of July 2007

 * [100%] Extend inband SQL injection functionality to all other possible queries
 * [100%] Add Microsoft SQL Server database fingerprint
 * [100%] Add a fuzzer class that parses HTML pages looking for standard database error messages, consequently improving database fingerprinting
 * [100%] Add support for real-time calculation of the query ETA (Estimated Time of Arrival)
 * [100%] Improve Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
 * [100%] Improve logging functionality

Ongoing work as of 30th of July 2007

 * [20%] Add support for Oracle database management system
 * [60%] Add support to extract database users' password hashes (done for MySQL and PostgreSQL, in progress for Microsoft SQL Server)
 * [0%] Add support for SQL injection on HTTP Cookie and User-Agent headers

May 2007

 * [SpoC] Added support to extract database users' password hashes on MySQL and PostgreSQL
 * [SpoC] Improved Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
 * [SpoC] Added support for real-time calculation of the query ETA (Estimated Time of Arrival) (--eta)
 * [SpoC] Added extensive Microsoft SQL Server DBMS fingerprint checks, based on extensive information gathering from @@version matched against an XML file, to also get the exact patch level of the DBMS
 * [SpoC] Improved logging functionality: moved from plain print statements to Python's native logging library
 * Added DBMS fingerprinting based also on parsing HTML error messages with an xml.sax function/class (defined in lib/parser.py) which reads an XML file defining the default error messages for each supported DBMS
 * Added the possibility to specify mssql, pgsql as --remote-dbms values

June 2007

 * [SpoC] Improved the UNION SELECT check: it now works with five different DBMSs because it uses the xml/errors.xml file to recognize HTML error messages and correctly determine whether the inband SQL injection performed returned good results or not
 * Updated documentation
 * Layout fixes

July 2007

 * [SpoC] Extended inband SQL injection functionality (--union-use) to all other possible queries; previously it only worked with -e and --file in all DBMS plugins
 * [SpoC] Added a fuzzer function that parses HTML pages looking for standard database error messages, consequently improving database fingerprinting (txt/fuzz_vectors.txt, Common.passiveFuzzing, lib/settings.py and DBMS plugins)
 * [SpoC] Reviewed the HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Split getValue into getInband and getBlind
 * [SpoC] Major enhancements in the common library and added the checkForBrackets method to check whether bracket(s) are needed to perform a UNION query SQL injection attack
 * Implemented --dump-all functionality to dump entire DBMS data from all databases' tables
 * Implemented in the Dump.dbTableValues method the automatic saving of dumped data to CSV files in the csv/ folder by default
 * Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml
 * Renamed DBMS plugins
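As an added illustration of the error-message fingerprinting described in the May and July entries above, this is example code written for this page, not sqlmap's own lib/parser.py or xml/errors.xml: an xml.sax handler loads a constructed errors file (the element layout and the signatures are assumptions, since the real file is not reproduced here) and matches captured HTML responses against the per-DBMS signatures. Run over saved responses, the same matcher flags pages that leak verbose database error messages.

```python
import re
import xml.sax

# Constructed errors file in a sqlmap-like layout; the real xml/errors.xml
# format and its signature list are not shown on the page (assumption).
ERRORS_XML = r"""<?xml version="1.0"?>
<root>
  <dbms value="MySQL">
    <error regexp="You have an error in your SQL syntax" />
    <error regexp="supplied argument is not a valid MySQL" />
  </dbms>
  <dbms value="PostgreSQL">
    <error regexp="PostgreSQL.*ERROR" />
    <error regexp="pg_query\(\): Query failed" />
  </dbms>
  <dbms value="Microsoft SQL Server">
    <error regexp="Microsoft OLE DB Provider for SQL Server" />
    <error regexp="Unclosed quotation mark after the character string" />
  </dbms>
</root>
"""

class ErrorsHandler(xml.sax.ContentHandler):
    """Collects (dbms name, compiled regexp) pairs from <dbms>/<error> elements."""
    def __init__(self):
        super().__init__()
        self._dbms = None
        self.patterns = []

    def startElement(self, name, attrs):
        if name == "dbms":
            self._dbms = attrs.get("value")
        elif name == "error" and self._dbms:
            self.patterns.append((self._dbms, re.compile(attrs.get("regexp"), re.I)))

def load_error_patterns(xml_text=ERRORS_XML):
    """Parse the errors XML with xml.sax and return the signature list."""
    handler = ErrorsHandler()
    xml.sax.parseString(xml_text.encode("utf-8"), handler)
    return handler.patterns

def fingerprint_dbms(html, patterns=None):
    """Return the sorted DBMS names whose error signatures appear in the HTML page."""
    patterns = patterns or load_error_patterns()
    return sorted({dbms for dbms, rx in patterns if rx.search(html)})

# Constructed sample responses (not captured from any real host).
SAMPLE_PAGES = {
    "mysql": "<html>Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result</html>",
    "mssql": "<html>Microsoft OLE DB Provider for SQL Server error '80040e14' Unclosed quotation mark after the character string ''.</html>",
    "clean": "<html><body>Welcome back.</body></html>",
}
```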

Links

 * sqlmap ChangeLog
 * sqlmap last SVN revision log message