[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen

To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <webappsec@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
From: <zwell@xxxxxxxx>
Date: Wed, 26 Mar 2008 22:26:18 +0800 (CST)

<p>Pangolin is a GUI tool running on Windows to perform as more as possible 
pen-testing through SQL injection. This version now supports following 
databases and operations:</p><p>* MSSQL : Server informations, Datas, CMD 
execute, Regedit, Write file, Download file, Read file, File Browser...<br />* 
MYSQL : Server informations, Datas, Read file, Write file...<br />* ORACLE : 
Server informations, Datas, Accounts cracking...<br />* PGSQL : Server 
informations, Datas, Read file...<br />* DB2 : Server informations, Datas, 
...<br />* INFORMIX : Server informations, Datas, ...<br />* SQLITE : Server 
informations, Datas, ...<br />* ACCESS : Server informations, Datas, ...<br />* 
SYBASE : Server informations, Datas, ...<br />etc.</p><p>And supports:<br />* 
HTTPS support<br />* Pre-Login<br />* Proxy<br />* Specify any HTTP 
headers(User-agent, Cookie, Referer and so on)<br />* Bypass firewall 
setting<br />* Auto-analyzing keyword<br />* Detailed check options<br />* 
Injection-points ma
 nagement<br />etc.</p><p>What's the differents to the others?<br />* 
Easy-of-use : What I try to do is making pen-tester more care about result, not 
the process. All you should do is clicking the buttons.<br />* Amazing Speed : 
so many people told you things about brute sql injection, is it really 
necessary? Forget char-by-char, we can row-by-row(of cource, not every 
injection-point can do this)?<br />* The exact check mothod : do you really 
think automated tools like AWVS,APPSCAN can find all 
injection-points?</p><p>So, whatever, just check it out, and then enjoy your 
feeling ;)<br />More information : 
http://www.nosec.org/web/index.php?q=pangolin<br />Download : 
http://seclab.nosec.org/security/pangolin_bin.rar</p><p>Declare: Pangolin is 
designed for security testing by pen-tester when he has been authorized. DO NOT 
attack any website viciously or accept the consequences!!!</p>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
  - From: A. Ramos
- Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
  - From: Tim Kunschke

Prev by Date: [Full-disclosure] [USN-592-1] Firefox vulnerabilities
Next by Date: [Full-disclosure] Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720
Previous by thread: [Full-disclosure] [USN-592-1] Firefox vulnerabilities
Next by thread: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
Index(es):
- Date
- Thread