Merged back from personal branch to trunk (svn merge -r846:940 ...)

Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2026-01-21 05:39:16 +00:00 · 2009-09-25 23:03:45 +00:00
parent 458d59416c
commit 89c43893d4
52 changed files with 1698 additions and 647 deletions
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -262,6 +262,18 @@ limitStart = 0
 # retrieve them until the last)
 limitStop = 0

+# First query output word character to retrieve
+# Valid: integer
+# Default: 0 (sqlmap will enumerate the query output from the first
+# character)
+firstChar = 0
+
+# Last query output word character to retrieve
+# Valid: integer
+# Default: 0 (sqlmap will enumerate the query output until the last
+# character)
+lastChar = 0
+
 # SQL SELECT query to be executed.
 # Example: SELECT 'foo', 'bar'
 query = 
@@ -271,6 +283,16 @@ query =
 sqlShell = False


+[User-defined function]
+
+# Inject custom user-defined functions
+# Valid: True or False
+udfInject = False
+
+# Local path of the shared library
+shLib = 
+
+
 [File system]

 # Read a specific file from the back-end DBMS underlying file system.
@@ -324,6 +346,30 @@ msfPath =
 tmpPath = 


+[Windows]
+
+# Read a Windows registry key value
+regRead = False
+
+# Write a Windows registry key value data
+regAdd = False
+
+# Delete a Windows registry key value
+regDel = False
+
+# Windows registry key
+regKey = 
+
+# Windows registry key value
+regVal = 
+
+# Windows registry key value data
+regData = 
+
+# Windows registry key value type
+regType = 
+
+
 [Miscellaneous]

 # Retrieve each query output length and calculate the estimated time of