[ad]<\/p>\n
We’ve been following sqlmap since it first came out in Feburary 2007<\/a> and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008<\/a>. <\/p>\n For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.<\/p>\n Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables\/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.<\/p>\n Recent Changes<\/strong><\/p>\n Along all the takeover features introduced in sqlmap 0.7 release candidate 1, some of the new features include:<\/p>\n For a complete list of changes view the ChangeLog<\/a>.<\/p>\n The manual is available here – README.pdf<\/a> [PDF]<\/p>\n You can download sqlmap 0.7 here:<\/p>\n Linux Source: sqlmap-0.7.tar.gz<\/a> <\/p>\n\n
\nWindows Portable: sqlmap-0.7_exe.zip<\/a><\/p>\n