This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "SpoC 007 - SQLMap - Progress Page"
From OWASP
m |
|||
Line 1: | Line 1: | ||
− | == | + | == Objectives for OWASP Spring of Code 2007 == |
− | + | === Accomplished objectives at 30th of July 2007 === | |
* '''[100%]''' Extend inband SQL injection functionality to all other possible queries | * '''[100%]''' Extend inband SQL injection functionality to all other possible queries | ||
* '''[100%]''' Add Microsoft SQL Server database fingerprint | * '''[100%]''' Add Microsoft SQL Server database fingerprint | ||
+ | * '''[100%]''' Add a fuzzer class with the aim to parse html page looking for standard database error messages consequently improving database fingerprinting | ||
* '''[100%]''' Add support for query ETA (Estimated Time of Arrival) real time calculation | * '''[100%]''' Add support for query ETA (Estimated Time of Arrival) real time calculation | ||
* '''[100%]''' Improve Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions | * '''[100%]''' Improve Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions | ||
* '''[100%]''' Improve logging functionality | * '''[100%]''' Improve logging functionality | ||
− | + | === Ongoing work at 30th of July 2007 === | |
− | * '''[ | + | * '''[20%]''' Add support for Oracle database management system |
* '''[60%]''' Add support to extract database users password hash (done for MySQL and PostgreSQL, in progress for Microsoft SQL Server) | * '''[60%]''' Add support to extract database users password hash (done for MySQL and PostgreSQL, in progress for Microsoft SQL Server) | ||
− | |||
* '''[0%]''' Add support for SQL injection on HTTP ''Cookie'' and ''User-Agent'' headers | * '''[0%]''' Add support for SQL injection on HTTP ''Cookie'' and ''User-Agent'' headers | ||
− | === Links | + | |
+ | == Changes in sqlmap during OWASP Spring of Code 2007 == | ||
+ | |||
+ | === May 2007 === | ||
+ | |||
+ | * '''[SpoC]''' Added support to extract database users password hash on MySQL and PostgreSQL | ||
+ | * '''[SpoC]''' Improved Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions | ||
+ | * '''[SpoC]''' Added support for query ETA (Estimated Time of Arrival) real time calculation (''--eta'') | ||
+ | * '''[SpoC]''' Added Microsoft SQL Server extensive DBMS fingerprint checks based upon extensive infogathering on ''@@version'' matching on an XML file to get also the exact patching level of the DBMS | ||
+ | * '''[SpoC]''' Improved logging functionality: passed from banal ''print'' to Python native logging library | ||
+ | * Added DBMS fingerprint based also upon HTML error messages parsing by a ''xml.sax'' function/class (defined in ''lib/parser.py'') which read an XML file defining default error messages for each supported DBMS | ||
+ | * Added the possibility to specify ''mssql'', ''pgsql'' as ''--remote-dbms'' values | ||
+ | |||
+ | === June 2007 === | ||
+ | |||
+ | * '''[SpoC]''' Improved UNION SELECT check so now it works with five different DBMS because it uses the ''xml/errors.xml'' file to recognize HTML error messages and correctly identify if the inband SQL injection performed provided good results or not | ||
+ | * Updated documentation | ||
+ | * Layout fixes | ||
+ | |||
+ | === July 2007 === | ||
+ | |||
+ | * '''[SpoC]''' Extended inband SQL injection functionality (''--union-use'') to all other possible queries since it only worked with ''-e'' and ''--file'' on all DMBS plugins | ||
+ | * '''[SpoC]''' Added a fuzzer function with the aim to parse html page looking for standard database error messages consequently improving database fingerprinting (''txt/fuzz_vectors.txt'', ''Common.passiveFuzzing()'', ''lib/settings.py'' and DBMS plugins) | ||
+ | * '''[SpoC]''' Reviewed HTTP request library (''lib/request.py'') to support the extended inband SQL injection functionality. Splitted ''getValue()'' into ''getInband()'' and ''getBlind()'' | ||
+ | * '''[SpoC]''' Major enhancements in common library and added ''checkForBrackets()'' method to check if the bracket(s) are needed to perform a UNION query SQL injection attack | ||
+ | * Implemented ''--dump-all'' functionality to dump entire DBMS data from all databases tables | ||
+ | * Imlemented in ''Dump.dbTableValues()'' method the CSV file dumped data automatic saving in ''csv/'' folder by default | ||
+ | * Added DB2, Informix and Sybase DBMS error messages and minor improvements in ''xml/errors.xml'' | ||
+ | * Renamed DMBS plugins | ||
+ | |||
+ | |||
+ | == Links == | ||
* [http://sqlmap.svn.sourceforge.net/viewvc/*checkout*/sqlmap/doc/ChangeLog sqlmap ChangeLog] | * [http://sqlmap.svn.sourceforge.net/viewvc/*checkout*/sqlmap/doc/ChangeLog sqlmap ChangeLog] | ||
* [http://sqlmap.svn.sourceforge.net/viewvc/sqlmap?view=rev sqlmap last SVN revision log message] | * [http://sqlmap.svn.sourceforge.net/viewvc/sqlmap?view=rev sqlmap last SVN revision log message] |
Revision as of 10:34, 30 July 2007
Objectives for OWASP Spring of Code 2007
Accomplished objectives at 30th of July 2007
- [100%] Extend inband SQL injection functionality to all other possible queries
- [100%] Add Microsoft SQL Server database fingerprint
- [100%] Add a fuzzer class with the aim to parse html page looking for standard database error messages consequently improving database fingerprinting
- [100%] Add support for query ETA (Estimated Time of Arrival) real time calculation
- [100%] Improve Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
- [100%] Improve logging functionality
Ongoing work at 30th of July 2007
- [20%] Add support for Oracle database management system
- [60%] Add support to extract database users password hash (done for MySQL and PostgreSQL, in progress for Microsoft SQL Server)
- [0%] Add support for SQL injection on HTTP Cookie and User-Agent headers
Changes in sqlmap during OWASP Spring of Code 2007
May 2007
- [SpoC] Added support to extract database users password hash on MySQL and PostgreSQL
- [SpoC] Improved Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
- [SpoC] Added support for query ETA (Estimated Time of Arrival) real time calculation (--eta)
- [SpoC] Added Microsoft SQL Server extensive DBMS fingerprint checks based upon extensive infogathering on @@version matching on an XML file to get also the exact patching level of the DBMS
- [SpoC] Improved logging functionality: passed from banal print to Python native logging library
- Added DBMS fingerprint based also upon HTML error messages parsing by a xml.sax function/class (defined in lib/parser.py) which read an XML file defining default error messages for each supported DBMS
- Added the possibility to specify mssql, pgsql as --remote-dbms values
June 2007
- [SpoC] Improved UNION SELECT check so now it works with five different DBMS because it uses the xml/errors.xml file to recognize HTML error messages and correctly identify if the inband SQL injection performed provided good results or not
- Updated documentation
- Layout fixes
July 2007
- [SpoC] Extended inband SQL injection functionality (--union-use) to all other possible queries since it only worked with -e and --file on all DMBS plugins
- [SpoC] Added a fuzzer function with the aim to parse html page looking for standard database error messages consequently improving database fingerprinting (txt/fuzz_vectors.txt, Common.passiveFuzzing(), lib/settings.py and DBMS plugins)
- [SpoC] Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind()
- [SpoC] Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack
- Implemented --dump-all functionality to dump entire DBMS data from all databases tables
- Imlemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default
- Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml
- Renamed DMBS plugins