His solution allows SQLmap 0.8 to parses XML data from the SOAP protocol by modifying three files from the package. He’s made the diff files available if you need this functionality for your own ...

Sqlmap, also free and billed as an off-the-shelf, penetration-testing tool, uses a command-line interface and requires a little more programming experience to use.

While investigating the campaign, Qualys also discovered evidence that the attackers had accessed customers' data, including logs showing that they looked for SQL injection bugs using the sqlmap tool.

GambleForce simply scans websites with sqlmap and then injects malicious SQL code which enables it to bypass default authentication and access sensitive data, the report noted. It’s unclear how ...