sqlmap 0.6.4.1 released
Dieser Eintrag stammt von Alexander Kornbrust Am 5 Feb 2009 @ 12:19 In Oracle Security | Keine Kommentare
Yesterday Bernardo Damele released the new version[1] 0.6.4.1 of the automatic SQL injection tool. sqlmap supports all databases (including Oracle) and can automatically exploit sql injection vulnerabilities and enumerate database information like usernames, privileges, … or download table content .
The latest changes are available in the [2] changelog.
Here are 2 screenshots from a vulnerable test application (with Oracle 11g).
I also tried to run sqlmap 0.6.4.1 against my test server but this version was not able to find the sql injection.
Update:
Today Bernardo has send me an email that he will release an updated version of sqlmap within the next few weeks.
Dieser Artikel wurde ausgedruckt ab Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com
URL zum Artikel: http://blog.red-database-security.com/2009/02/05/sqlmap-0641-released/
URLs in this post:
[1] 0.6.4.1: http://sourceforge.net/projects/sqlmap/
[2] changelog.: http://sqlmap.sourceforge.net/doc/ChangeLog
Klicken hier zum Drucken.