|
5 | 5 | at SQLSecurity.com and permission to implement the update feature |
6 | 6 | taking data from his site |
7 | 7 |
|
| 8 | +Daniele Bellucci < [email protected]> |
| 9 | + for starting sqlmap project and developing it between July and August |
| 10 | + 2006 |
| 11 | + |
8 | 12 | |
9 | 13 | for providing me with the sqlmap site favicon |
10 | 14 |
|
| 15 | + |
| 16 | + for his Windows access token kidnapping tool Churrasco included in |
| 17 | + sqlmap tree as a contrib library and used to run the stand-alone |
| 18 | + payload stager on the target Windows machine as SYSTEM user if the |
| 19 | + user wants to perform a privilege escalation attack, |
| 20 | + http://www.argeniss.com/research/Churrasco.zip |
| 21 | + |
11 | 22 | |
12 | 23 | for providing with the multithreading patch for the inference |
13 | 24 | algorithm |
|
19 | 30 | Stefano Di Paola < [email protected]> |
20 | 31 | for suggesting good features |
21 | 32 |
|
| 33 | + |
| 34 | + for promoting sqlmap in the context of the Penetration Testing and |
| 35 | + Vulnerability Analysis class at the Polytechnic University of New York, |
| 36 | + http://isisblogs.poly.edu/courses/pentest/ |
| 37 | + |
22 | 38 | |
23 | 39 | for reporting a few bugs |
24 | 40 |
|
|
33 | 49 | for suggesting a speed improvement for bisection algorithm |
34 | 50 | for reporting a bug when running against Microsoft SQL Server 2005 |
35 | 51 |
|
| 52 | + |
| 53 | + for helping me out with Python subprocess library |
| 54 | + |
36 | 55 | Ivan Giacomelli < [email protected]> |
37 | 56 | for reporting a bug |
38 | 57 | for suggesting a minor enhancement |
|
59 | 78 | for providing me with feedback on the user's manual |
60 | 79 |
|
61 | 80 | Alexander Kornbrust < [email protected]> |
62 | | - for reporting a bug |
| 81 | + for reporting a couple of bugs |
| 82 | + |
| 83 | + |
| 84 | + for the great technical discussions |
| 85 | + for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 |
| 86 | + 'sp_replwritetovarbin' stored procedure heap-based buffer overflow |
| 87 | + (MS09-004) exploit development, http://www.milw0rm.com/author/1413 |
63 | 88 |
|
64 | 89 | Nico Leidecker < [email protected]> |
65 | 90 | for providing me with feedback on a few features |
66 | 91 |
|
| 92 | + |
| 93 | + for reporting a bug |
| 94 | + |
67 | 95 | |
68 | 96 | for reporting a bug when injecting on a POST data parameter |
69 | 97 |
|
|
73 | 101 | for suggesting a lot of ideas and features |
74 | 102 |
|
75 | 103 | Ferruh Mavituna < [email protected]> |
76 | | - for providing me with ideas on the implementation on a couple of |
| 104 | + for providing me with ideas on the implementation of a couple of |
77 | 105 | new features |
78 | 106 |
|
79 | 107 | Enrico Milanese < [email protected]> |
|
83 | 111 | Roberto Nemirovsky < [email protected]> |
84 | 112 | for pointing me out some enhancements |
85 | 113 |
|
| 114 | +Markus Oberhumer < [email protected]> |
| 115 | + |
| 116 | +John F. Reiser < [email protected]> |
| 117 | + for their great tool UPX (Ultimate Packer for eXecutables) included |
| 118 | + in sqlmap tree as a contrib library and used mainly to pack the |
| 119 | + Metasploit Framework 3 payload stager portable executable, |
| 120 | + http://upx.sourceforge.net |
| 121 | + |
86 | 122 | Antonio Parata < [email protected]> |
87 | 123 | for providing me with some ideas for the PHP backdoor |
88 | 124 |
|
|
123 | 159 | for reporting a minor adjustment when running with python 2.6 |
124 | 160 |
|
125 | 161 | Sumit Siddharth < [email protected]> |
126 | | - for providing me with ideas on the implementation on a couple of |
| 162 | + for providing me with ideas on the implementation of a couple of |
127 | 163 | features |
128 | 164 |
|
129 | 165 | |
|
133 | 169 | for reporting a few bugs in --sql-shell and --sql-query on Microsoft |
134 | 170 | SQL Server |
135 | 171 |
|
| 172 | +Marek Stiefenhofer < [email protected]> |
| 173 | + for reporting a bug |
| 174 | + |
136 | 175 | |
137 | 176 | for reporting a bug when enumerating columns on Microsoft SQL Server |
138 | 177 | for suggesting a couple of improvements |
|
142 | 181 | for suggesting many features and reporting some bugs |
143 | 182 | for reviewing the documentation |
144 | 183 |
|
| 184 | +Andres Tarasco < [email protected]> |
| 185 | + for providing me with good feedback |
| 186 | + |
145 | 187 | |
146 | 188 | for helping me out to improve the Metasploit Framework 3 sqlmap |
147 | 189 | auxiliary module and for commiting it on the Metasploit official |
148 | | - Subversion repository |
| 190 | + subversion repository |
149 | 191 | for his great Metasploit WMAP Framework |
150 | 192 |
|
151 | 193 | |
|
160 | 202 | Kyprianos Vassilopoulos < [email protected]> |
161 | 203 | for reporting an unhandled connection exception |
162 | 204 |
|
| 205 | +Anthony Zboralski < [email protected]> |
| 206 | + for providing me with detailed feedback |
| 207 | + for reporting a few minor bugs |
| 208 | + for donating to sqlmap development |
| 209 | + |
163 | 210 | |
164 | 211 | for reporting a bug when running on Windows |
165 | 212 |
|
|
172 | 219 |
|
173 | 220 | == Organizations == |
174 | 221 |
|
| 222 | +Black Hat team < [email protected]> |
| 223 | + for the opportunity to present my research on 'Advanced SQL injection |
| 224 | + to operating system full control' at Black Hat Europe 2009 Briefings on |
| 225 | + April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of |
| 226 | + the sqlmap 0.7 release candidate version new features during my |
| 227 | + presentation |
| 228 | + |
| 229 | +Metasploit LLC < [email protected]> |
| 230 | + for their powerful tool Metasploit Framework 3, used by sqlmap, among |
| 231 | + others things, to create the payload stager and establish an |
| 232 | + out-of-band connection between sqlmap and the database server, |
| 233 | + http://www.metasploit.com/framework |
| 234 | + |
175 | 235 | OWASP Board <http://www.owasp.org> |
176 | 236 | for sponsoring part of the sqlmap development in the context of OWASP |
177 | 237 | Spring of Code 2007 |
0 commit comments