Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've e

from [A. Ramos] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
Date: Wed, 26 Mar 2008 17:04:04 +0100 
Take a look over:
http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c



2008/3/26  <zwell@sohu.com>:





Pangolin is a GUI tool running on Windows to perform as more as possible
pen-testing through SQL injection. This version now supports following
databases and operations:

* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
Download file, Read file, File Browser...
* MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...
etc.

And supports:
* HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check optio ns
* Injection-points management
etc.

What's the differents to the others?
* Easy-of-use : What I try to do is making pen-tester more care about
result, not the process. All you should do is clicking the buttons.
* Amazing Speed : so many people told you things about brute sql injection,
is it really necessary? Forget char-by-char, we can row-by-row(of cource,
not every injection-point can do this)?
* The exact check mothod : do you really think automated tools like
AWVS,APPSCAN can find all injection-points?

So, whatever, just check it out, and then enjoy your feeling ;)
More information : http://www.nosec.org/web/index.php?q=pangolin
Download : http://seclab.nosec.org/security/pangolin_bin.rar

Declare: Pangolin is designed for security testing by pen-tester when he has
been authorized. DO NOT attack any website viciously or accept the
consequences!!!



________________________________

 2008年薪水翻倍技巧
*用搜狗拼音写邮件,体验更流畅的中文输入>>
_______________________________________________
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/





-- 
Alejandro Ramos / Alex -- (aramosf@unsec.net)
molling://CISSP/GWAS/CISA
http://www.unsec.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, zwell
Next by Date:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, Razi Shaban
Previous by Thread:  [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, zwell
Next by Thread:  Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen, Razi Shaban
Indexes:  [Date] [Thread] [Top] [All Lists]