Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever

from [zwell] Network Security [Permanent Link]
Subject: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
Date: Wed, 26 Mar 2008 22:26:18 +0800 (CST) 
<p>Pangolin is a GUI tool running on Windows to perform as more as possible 
pen-testing through SQL injection. This version now supports following 
databases and operations:</p><p>* MSSQL : Server informations, Datas, CMD 
execute, Regedit, Write file, Download file, Read file, File Browser...<br />* 
MYSQL : Server informations, Datas, Read file, Write file...<br />* ORACLE : 
Server informations, Datas, Accounts cracking...<br />* PGSQL : Server 
informations, Datas, Read file...<br />* DB2 : Server informations, Datas, 
...<br />* INFORMIX : Server informations, Datas, ...<br />* SQLITE : Server 
informations, Datas, ...<br />* ACCESS : Server informations, Datas, ...<br />* 
SYBASE : Server informations, Datas, ...<br />etc.</p><p>And supports:<br />* 
HTTPS support<br />* Pre-Login<br />* Proxy<br />* Specify any HTTP 
headers(User-agent, Cookie, Referer and so on)<br />* Bypass firewall 
setting<br />* Auto-analyzing keyword<br />* Detailed check options<br />* 
Injection-points ma
 nagement<br />etc.</p><p>What's the differents to the others?<br />* 
Easy-of-use : What I try to do is making pen-tester more care about result, not 
the process. All you should do is clicking the buttons.<br />* Amazing Speed : 
so many people told you things about brute sql injection, is it really 
necessary? Forget char-by-char, we can row-by-row(of cource, not every 
injection-point can do this)?<br />* The exact check mothod : do you really 
think automated tools like AWVS,APPSCAN can find all 
injection-points?</p><p>So, whatever, just check it out, and then enjoy your 
feeling ;)<br />More information : 
http://www.nosec.org/web/index.php?q=pangolin<br />Download : 
http://seclab.nosec.org/security/pangolin_bin.rar</p><p>Declare: Pangolin is 
designed for security testing by pen-tester when he has been authorized. DO NOT 
attack any website viciously or accept the consequences!!!</p>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OpenID and the web, Eric Marden
Next by Date:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, A. Ramos
Previous by Thread:  OpenID and the web, Steven Rakick
Next by Thread:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, A. Ramos
Indexes:  [Date] [Thread] [Top] [All Lists]