[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Pangolin v1.3.0.624 is out

To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <pen-test@xxxxxxxxxxxxxxxxx>, <webappsec@xxxxxxxxxxxxxxxxx>, <websecurity@xxxxxxxxxxxxx>
Subject: [Full-disclosure] Pangolin v1.3.0.624 is out
From: "Vincent Chao" <zwell.nosec@xxxxxxxxx>
Date: Mon, 26 May 2008 00:42:16 +0800

Hi, all:

I’m glad to tell you that Pangolin, the wonderful Sql injection tool, has been 
updated to version 1.3.0.624. In this version, I’ve added some new functions in 
it, and fixed some bugs:
1.Added Oracle Remote Data Reader function
2.Multi-language supported
3.Fixed corrupted characters problem
4.Support MSSQL2005 now ( you know, how to restore stored procedure in MSSQL 
2005)
5.Fixed proxy issues which cannot use localhost proxy
6.anything else......
You can download it from here: http://www.nosec.org/web/pangolin
Please feel free to contact us with any questions you may have, thanks ;)

=======================================================

Pangolin is a GUI tool running on Windows to perform as more as possible 
pen-testing through SQL injection. This version now supports following 
databases and operations:

* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, 
Download file, Read file, File Browser...
* MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...
etc.

And supports:
* HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check options
* Injection-points management
etc.

What's the differents to the others?
* Easy-of-use : What I try to do is making pen-tester more care about result, 
not the process. All you should do is clicking the buttons.
* Amazing Speed : so many people told you things about brute sql injection, is 
it really necessary? Forget char-by-char, we can row-by-row(of cource, not 
every injection-point can do this)?
* The exact check mothod : do you really think automated tools like 
AWVS,APPSCAN can find all injection-points?

So, whatever, just check it out, and then enjoy your feeling ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Need some help with management
Next by Date: [Full-disclosure] SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability
Previous by thread: Re: [Full-disclosure] Media blackout on Cisco IOS rootkit presentation?
Next by thread: [Full-disclosure] SECOBJADV-2008-01: Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability
Index(es):
- Date
- Thread