This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
SpoC 007 - SQLMap - Progress Page
From OWASP
Objectives for OWASP Spring of Code 2007
Accomplished objectives at 30th of July 2007
- [100%] Extend inband SQL injection functionality to all other possible queries
- [100%] Add Microsoft SQL Server database fingerprint
- [100%] Add a fuzzer class with the aim to parse html page looking for standard database error messages consequently improving database fingerprinting
- [100%] Add support for query ETA (Estimated Time of Arrival) real time calculation
- [100%] Improve Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
- [100%] Improve logging functionality
Ongoing work at 30th of July 2007
- [20%] Add support for Oracle database management system
- [60%] Add support to extract database users password hash (done for MySQL and PostgreSQL, in progress for Microsoft SQL Server)
- [0%] Add support for SQL injection on HTTP Cookie and User-Agent headers
Changes in sqlmap during OWASP Spring of Code 2007
May 2007
- [SpoC] Added support to extract database users password hash on MySQL and PostgreSQL
- [SpoC] Improved Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
- [SpoC] Added support for query ETA (Estimated Time of Arrival) real time calculation (--eta)
- [SpoC] Added Microsoft SQL Server extensive DBMS fingerprint checks based upon extensive infogathering on @@version matching on an XML file to get also the exact patching level of the DBMS
- [SpoC] Improved logging functionality: passed from banal print to Python native logging library
- Added DBMS fingerprint based also upon HTML error messages parsing by a xml.sax function/class (defined in lib/parser.py) which read an XML file defining default error messages for each supported DBMS
- Added the possibility to specify mssql, pgsql as --remote-dbms values
June 2007
- [SpoC] Improved UNION SELECT check so now it works with five different DBMS because it uses the xml/errors.xml file to recognize HTML error messages and correctly identify if the inband SQL injection performed provided good results or not
- Updated documentation
- Layout fixes
July 2007
- [SpoC] Extended inband SQL injection functionality (--union-use) to all other possible queries since it only worked with -e and --file on all DMBS plugins
- [SpoC] Added a fuzzer function with the aim to parse html page looking for standard database error messages consequently improving database fingerprinting (txt/fuzz_vectors.txt, Common.passiveFuzzing(), lib/settings.py and DBMS plugins)
- [SpoC] Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind()
- [SpoC] Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack
- Implemented --dump-all functionality to dump entire DBMS data from all databases tables
- Imlemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default
- Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml
- Renamed DMBS plugins