Updated history SGML file

bdamele · bdamele · commit 7bf31f54b884 · 2010-05-06T10:54:13.000Z
diff --git a/doc/history.sgml b/doc/history.sgml
@@ -17,35 +17,92 @@ for the latest version.
 <sect>2010
 
 <itemize>
-<item><bf>...</bf>
-<item><bf>...</bf>
-<item><bf>...</bf>
-<item><bf>...</bf>
-<item><bf>...</bf>
-<item><bf>...</bf>
+<item><bf>March 14</bf>, <htmlurl name="Bernardo and Miroslav"
+url="http://sqlmap.sourceforge.net/#author"> release stable version of 
+sqlmap <bf>0.8</bf> featuring many features. Amongst these, support to
+enumerate and dump all databases' tables containing user provided
+column(s), stabilization and enhancements to the takeover functionalities,
+updated integration with Metasploit 3.3.3 and a lot of minor features and
+bug fixes.
+<item><bf>January</bf>, Bernardo is <htmlurl name="invited"
+url="http://www.athcon.org/speakers/"> to present at <htmlurl
+name="AthCon" url="http://www.athcon.org"> conference in Greece on June
+2010.
 </itemize>
 
 
 <sect>2009
 
 <itemize>
+<item><bf>December 18</bf>, Miroslav Stampar replies to my public call
+for developers. He contributes actively in the development of sqlmap from
+version <bf>0.8 release candidate 2</bf>.
+
+<item><bf>December 12</bf>, Bernardo writes to the mailing list a post
+titled <htmlurl url="http://sourceforge.net/mailarchive/forum.php?thread_name=ffa432520912150559x7da484d0q5a580512abf4592f%40mail.gmail.com&forum_name=sqlmap-users"
+name="sqlmap state of art - 3 years later"> highlighting the goals
+achieved during these first three years of the project and launches a call
+for developers.
+
+<item><bf>December 4</bf>, sqlmap-devel mailing list has been <htmlurl
+url="http://sourceforge.net/mailarchive/forum.php?thread_name=ffa432520912040135y55b92f63v356f77c74771f0d5%40mail.gmail.com&forum_name=sqlmap-users" name="merged"> into
+sqlmap-users <htmlurl name="mailing list" url="http://sqlmap.sourceforge.net/#ml">.
+
+<item><bf>November 20</bf>, Bernardo and Guido present again their
+research on stealth database server takeover at CONfidence 2009 in Warsaw,
+Poland.
+
+<item><bf>September 26</bf>, sqlmap version <bf>0.8 release candidate
+1</bf> goes public on the <htmlurl name="Subversion repository"
+url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/">, with all the attack
+vectors unveiled at SOURCE Barcelona 2009 Conference. These include an
+enhanced version of the Microsoft SQL Server buffer overflow exploit to
+automatically bypass DEP memory protection, support to establish the
+out-of-band connection with the database server by executing in-memory
+the Metasploit shellcode via UDF <em>sys_bineval()</em> (anti-forensics
+technique), support to access the Windows registry hives and support to
+inject custom user-defined functions.
+
+<item><bf>September 21</bf>, Bernardo and <htmlurl name="Guido Landi"
+url="http://www.pornosecurity.org"> <htmlurl name="present"
+url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule"> their research (<htmlurl name="slides"
+url="http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database">) at SOURCE Conference 2009 in Barcelona, Spain.
+
+<item><bf>August</bf>, Bernardo is accepted as a speaker to two others IT
+security conferences, <htmlurl url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009" name="SOURCE Barcelona 2009"> and <htmlurl url="http://200902.confidence.org.pl/"
+name="CONfidence 2009 Warsaw">.
+This new research is titled <em>Expanding the control over the operating
+system from the database</em>.
+
 <item><bf>July 25</bf>, stable version of sqlmap <bf>0.7</bf> is out!
 
+<item><bf>June 2</bf>, sqlmap version <bf>0.6.4</bf> has made it way to
+the official Ubuntu repository too.
+
 <item><bf>May</bf>, Bernardo presents again his research on operating
 system takeover via SQL injection at <htmlurl
 url="http://www.owasp.org/index.php/OWASP_AppSec_Europe_2009_-_Poland"
 name="OWASP AppSec Europe 2009"> in Warsaw, Poland and at <htmlurl
 url="http://eusecwest.com/" name="EUSecWest 2009"> in London, UK.
 
+<item><bf>May 8</bf>, sqlmap version <bf>0.6.4</bf> has been officially
+accepted in Debian repository. Details on <htmlurl
+url="http://bernardodamele.blogspot.com/2009/05/sqlmap-in-debian-package-repository.html"
+name="this blog post">.
+
 <item><bf>April 22</bf>, sqlmap version <bf>0.7 release candidate 1</bf>
-is published, with all the attack vectors unveiled at Black Hat Conference.
-This include execution of arbitrary commands on the underlying operating
+goes public, with all the attack vectors unveiled at Black Hat Europe 2009
+Conference.
+These include execution of arbitrary commands on the underlying operating
 system, full integration with Metasploit to establish an out-of-band
-TCP connection, first publicly available exploit for MS09-004 and others
+TCP connection, first publicly available exploit for Microsoft Security
+Bulletin <htmlurl url="http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx"
+name="MS09-004"> against Microsoft SQL Server 2000 and 2005 and others
 attacks to takeover the database server as a whole, not only the data from
 the database.
-<item><bf>April 16</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides"
-name="presents"> his research (<htmlurl
+
+<item><bf>April 16</bf>, Bernardo <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele"
+name="presents"> his research (<htmlurl url="http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides" name="slides">, <htmlurl
 url="http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf"
 name="whitepaper">) at Black Hat Europe 2009 in Amsterdam, The Netherlands.
 The feedback from the audience is good and there has been some 
@@ -60,79 +117,77 @@ name="Front Range OWASP Conference 2009"> in Denver, USA. The presentation
 is titled <em>SQL injection: Not only AND 1=1</em>.
 
 <item><bf>February 24</bf>, Bernardo is accepted as a <htmlurl
-url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Damele"
+url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele"
 name="speaker"> at <htmlurl url="http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html"
 name="Black Hat Europe 2009"> with a presentation titled <em>Advanced SQL
 injection exploitation to operating system full control</em>.
 
 <item><bf>February 3</bf>, sqlmap <bf>0.6.4</bf> is the last point release
-of 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
-sqlmap can now be used to execute arbitrarly any SQL statement, not only
-SELECTs. Also, many features have been stabilized, tweaked and improved in
-terms of speed in this release.
+for 0.6: taking advantage of the stacked queries test implemented in 0.6.3,
+sqlmap can now be used to execute any arbitrary SQL statement, not only
+<em>SELECT</em> anymore. Also, many features have been stabilized, tweaked
+and improved in terms of speed in this release.
 
 <item><bf>January 9</bf>, Bernardo <htmlurl url="http://www.slideshare.net/inquis/sql-injection-exploitation-internals-presentation"
 name="presents"> <em>SQL injection exploitation internals</em> at a
-Corporate event.
+private event in London, UK.
 </itemize>
 
 
 <sect>2008
 
 <itemize>
-<item><bf>December 18</bf>, to celebrate Bernardo's first daughter birthday,
-sqlmap <bf>0.6.3</bf> is released featuring support to retrieve targets
-from Burp and WebScarab proxies log files, support to test for stacked
-queries ant time-based blind SQL injection, rough fingerprint of the web
-server and web application technologies in use and more options to
-customize the HTTP requests and enumerate further data from the database.
+<item><bf>December 18</bf>, sqlmap <bf>0.6.3</bf> is released featuring
+support to retrieve targets from Burp and WebScarab proxies log files,
+support to test for stacked queries ant time-based blind SQL injection,
+rough fingerprint of the web server and web application technologies in
+use and more options to customize the HTTP requests and enumerate more
+information from the database.
 
 <item><bf>November 2</bf>, sqlmap version <bf>0.6.2</bf> is a "bug fixes"
 release only.
 
-<item><bf>October 20</bf>, sqlmap first point release, <bf>0.6.1</bf> goes
+<item><bf>October 20</bf>, sqlmap first point release, <bf>0.6.1</bf>, goes
 public. This includes minor bug fixes and the first contact between the
 tool and <htmlurl url="http://metasploit.com/framework" name="Metasploit">:
 an auxiliary module to launch sqlmap from within Metasploit Framework.
-sqlmap <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/"
-name="subversion development repository"> goes public again.
+The <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/"
+name="Subversion development repository"> goes public again.
 
 <item><bf>September 1</bf>, nearly one year after the previous release,
-sqlmap <bf>0.6</bf> comes to life featuring the first major code
-refactoring, support to execute arbitrary SQL SELECT statements, more
-options to enumerate and dump specific information are added, brand new
-installation packages for Debian, Red Hat, Windows and much more.
+sqlmap <bf>0.6</bf> comes to life featuring a complete code
+refactoring, support to execute arbitrary SQL <em>SELECT</em> statements,
+more options to enumerate and dump specific information are added, brand
+new installation packages for Debian, Red Hat, Windows and much more.
 
 <item><bf>August</bf>, two public <htmlurl name="mailing lists"
 url="http://sqlmap.sourceforge.net/#ml"> are created on SourceForge.
 
-<item><bf>January</bf>, sqlmap development repository is moved away from
-SourceForge and goes private.
+<item><bf>January</bf>, sqlmap Subversion development repository is moved
+away from SourceForge and goes private for a while.
 </itemize>
 
 
 <sect>2007
 
 <itemize>
-<item><bf>December 15</bf>, Bernardo's first daughter is born and will
-keep him quite busy for the next months.
-
-<item><bf>November 4</bf>, release <bf>0.5</bf> marks the end of the Spring
-of Code contest participation. Bernardo has <htmlurl
+<item><bf>November 4</bf>, release <bf>0.5</bf> marks the end of the OWASP
+Spring of Code 2007 contest participation. Bernardo has <htmlurl
 url="http://www.owasp.org/index.php/SpoC_007_-_SQLMap_-_Progress_Page"
 name="accomplished"> all the propsed objects which include initial support
 for Oracle, enhanced support for UNION query SQL injection and support to
-inject on HTTP Cookie and User-Agent headers.
+test and exploit injections on HTTP Cookie and User-Agent headers.
 
 <item><bf>June 15</bf>, Bernardo releases version <bf>0.4</bf> as a
-result of the first Spring of Code milestone. This release features,
-amongst others, improvements to the DBMS fingerprint engine, support to
-calculate the estimated time of arrival, options to enumerate specific
-data from the database server and brand new logging system.
+result of the first OWASP Spring of Code 2007 milestone. This release
+features, amongst others, improvements to the DBMS fingerprint engine,
+support to calculate the estimated time of arrival, options to enumerate
+specific data from the database server and brand new logging system.
 
 <item><bf>April</bf>, even though sqlmap was <bf>not</bf> and is <bf>not</bf>
 an OWASP project, it gets <htmlurl url="http://www.owasp.org/index.php/SpoC_007_-_SqlMap"
-name="accepted">, amongst many other open source projects to SpoC 2007.
+name="accepted">, amongst many other open source projects to OWASP Spring
+of Code 2007.
 
 <item><bf>March 30</bf>, Bernardo applies to OWASP <htmlurl
 url="http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Bernardo_-_sqlmap"
@@ -153,16 +208,17 @@ major enhancements to the DBMS fingerprint functionalities and replacement
 of the old inference algorithm with the bisection algorithm.
 
 <item><bf>September</bf>, Daniele leaves the project, <htmlurl
-url="http://bernardodamele.blogspot.com" name="Bernardo Damele"> takes it
-over.
+url="http://bernardodamele.blogspot.com" name="Bernardo Damele A. G.">
+takes it over.
 
 <item><bf>August</bf>, Daniele adds initial support for PostgreSQL and releases
 version <bf>0.1</bf>.
 
 <item><bf>July 25</bf>, <htmlurl url="http://dbellucci.blogspot.com" name="Daniele Bellucci">
 registers the sqlmap project on SourceForge and develops it on the
-SourceForge Subversion repository. The skeleton is implemented and limited
-support for MySQL added.
+<htmlurl url="http://sqlmap.svn.sourceforge.net/viewvc/sqlmap/"
+name="SourceForge Subversion repository">. The skeleton is implemented and
+limited support for MySQL added.
 </itemize>
 
 
