Merged back from personal branch to trunk (svn merge -r846:940 ...)

Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2026-01-06 14:49:05 +00:00 · 2009-09-25 23:03:45 +00:00
parent 458d59416c
commit 89c43893d4
52 changed files with 1698 additions and 647 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,26 @@
+sqlmap (0.8-1) stable; urgency=low
+
+  * Major enhancement to the Microsoft SQL Server stored procedure
+    heap-based buffer overflow exploit (--os-bof) to automatically bypass
+    DEP memory protection.
+  * Added support for MySQL and PostgreSQL to execute Metasploit shellcode
+    via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
+    option instead of uploading the standalone payload stager executable.
+  * Added options for MySQL, PostgreSQL and Microsoft SQL Server to
+    read/add/delete Windows registry keys.
+  * Added options for MySQL and PostgreSQL to inject custom user-defined
+    functions.
+  * Added support for --first and --last so the user now has even more
+    granularity in what to enumerate in the query output.
+  * Minor enhancement to save the session by default in
+    'output/hostname/session' file if -s option is not specified.
+  * Minor improvement to automatically remove sqlmap created temporary
+    files from the DBMS underlying file system.
+  * Minor bugs fixed.
+  * Major code refactoring.
+
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  DAY, DD MMM 20YY 10:00:00 +0000
+
 sqlmap (0.7-1) stable; urgency=low

  * Adapted Metasploit wrapping functions to work with latest 3.3
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -20,7 +20,7 @@ Cesar Cerrudo <cesar@argeniss.com>
    sqlmap tree as a contrib library and used to run the stand-alone
    payload stager on the target Windows machine as SYSTEM user if the
    user wants to perform a privilege escalation attack,
-    http://www.argeniss.com/research/Churrasco.zip
+    http://www.argeniss.com/research/TokenKidnapping.pdf

 Karl Chen <quarl@cs.berkeley.edu>
    for providing with the multithreading patch for the inference
@@ -50,6 +50,11 @@ Dan Guido <dguido@gmail.com>
 Adam Faheem <faheem.adam@is.co.za>
    for reporting a few bugs

+James Fisher <www@sittinglittleduck.com>
+    for providing me with two very good feature requests
+    for his great tool too brute force directories and files names on
+    web/application servers, Dir Buster, http://tinyurl.com/dirbuster
+
 Jim Forster <jimforster@goldenwest.com>
    for reporting a bug

@@ -70,6 +75,7 @@ Ivan Giacomelli <truemilk@insiberia.net>
    for reviewing the documentation

 Oliver Gruskovnjak <oliver.gruskovnjak@gmail.com>
+    for reporting a bug
    for providing me with a minor patch

 Davide Guerri <d.guerri@caspur.it>
@@ -108,10 +114,13 @@ Nicolas Krassas <krasn@ans.gr>
    for reporting a bug

 Guido Landi <lists@keamera.org>
+    for reporting a couple of bugs
    for the great technical discussions
    for Microsoft SQL Server 2000 and Microsoft SQL Server 2005
    'sp_replwritetovarbin' stored procedure heap-based buffer overflow
-    (MS09-004) exploit development, http://www.milw0rm.com/author/1413
+    (MS09-004) exploit development
+    for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
+    on September 21, 2009

 Lee Lawson <Lee.Lawson@dns.co.uk>
    for reporting a minor bug
@@ -153,6 +162,9 @@ John F. Reiser <sales@bitwagon.com>
 Antonio Parata <s4tan@ictsc.it>
    for providing me with some ideas for the PHP backdoor

+Adrian Pastor <ap@gnucitizen.org>
+    for donating to sqlmap development
+
 Chris Patten <cpatten@sunera.com>
    for reporting a bug in the blind SQL injection bisection algorithm