sqlmap released

Yesterday Bernardo Damele released the new version of the automatic SQL injection tool. sqlmap supports all databases (including Oracle) and can automatically exploit sql injection vulnerabilities and enumerate database information like usernames, privileges, … or download table content .
The latest changes are available in the changelog.
Here are 2 screenshots from a vulnerable test application (with Oracle 11g).

sqlmap 0.6.3

sqlmap 0.6.3

I also tried to run sqlmap against my test server but this version was not able to find the sql injection.

sqlmap 0.6.4

Today Bernardo has send me an email that he will release an updated version of sqlmap within the next few weeks.

Leave a Reply

You must be logged in to post a comment.