diff --git a/doc/ChangeLog b/doc/ChangeLog index c30c7444c..91d501fa9 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog 
@@ -1,26 +1,32 @@ sqlmap (0.9-1) stable; urgency=low - * Added support to directly connect to the database without passing via - a SQL injection, -d switch (Bernardo and Miroslav). + * Support to directly connect to the database without passing via a + SQL injection, -d switch (Bernardo and Miroslav). + * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). + * Initial support for SAP MaxDB (Miroslav). * Added support to enumerate roles on Oracle, --roles switch (Bernardo). - * Implemented feature to speedup the enumeration of table names - (Miroslav). * Extended old '--dump -C' functionality to be able to search for specific database(s), table(s) and column(s), --search switch (Bernardo). - * Added support to fetch unicode data (Bernardo and Miroslav). * Added support for SOAP based web services requests (Bernardo). + * Added support to fetch unicode data (Bernardo and Miroslav). * Added support to use persistent HTTP(s) connection for speed improvement, --keep-alive switch (Miroslav). * Implemented HTTP proxy authentication support, --proxy-cred switch (Miroslav). - * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). - * Added initial support for SAP MaxDB (Miroslav). - * Added safe URL feature, --safe-url and --safe-freq (Miroslav). - * Added --use-between switch to use BETWEEN syntax in inferencial - statement and bypass firewalls filtering '>' character (Bernardo and - Miroslav). + * Implemented feature to speedup the enumeration of table names + (Miroslav). * Support for customizable HTTP redirections (Bernardo). + * Support to replicate the back-end DBMS tables structure and entries + in a local SQLite 3 database (Miroslav). IN PROGRESS + * Added switches to brute-force table names with a dictionary attack, + --common-exists and --exists. Useful for instance when system table + 'information_schema' is not available on MySQL (Miroslav). 
+ * Basic support for REST-style URL parameters by using the asterisk (*) + to mark where to test for and exploit SQL injection (Miroslav). + * Added safe URL feature, --safe-url and --safe-freq (Miroslav). + * Added --text-only switch to strip from the HTTP body the HTML/JS code + and compare pages based only on their textual content (Miroslav). * Several bugs fixed (Bernardo and Miroslav). * Major code refactoring (Bernardo and Miroslav). * User's manual updated (Bernardo).
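Review bot: The added entry for replicating the back-end DBMS tables structure into a local SQLite 3 database ends with a trailing "IN PROGRESS" marker, but it sits in the sqlmap (0.9-1) stable block; either drop the marker once the feature is finished or hold the entry back until then. The hunk also removes the --use-between entry without re-adding it, unlike the SQLite, SAP MaxDB, table-name speedup and --safe-url entries, which are only moved or reworded; if the switch still exists its line should be restored, and if it was dropped or renamed the change should say so. Minor style point: the entry wording is now mixed ("Support to ...", "Initial support ...", "Added support ..."), so settling on one form would keep the list consistent.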