Full Disclosure mailing list archives
Re: Pangolin v1.2.590 - The best SQL injector you've ever seen
From: Tim Kunschke <tim () timmey homelinux com>
Date: Wed, 26 Mar 2008 19:10:12 +0100
o0 hmm nice try 0o I will not really know how many people now have a trojan horse or worm on their Pc. °°°°snake°°°° zwell () sohu com schrieb:
Pangolin is a GUI tool running on Windows to perform as more as possible pen-testing through SQL injection. This version now supports following databases and operations: * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser... * MYSQL : Server informations, Datas, Read file, Write file... * ORACLE : Server informations, Datas, Accounts cracking... * PGSQL : Server informations, Datas, Read file... * DB2 : Server informations, Datas, ... * INFORMIX : Server informations, Datas, ... * SQLITE : Server informations, Datas, ... * ACCESS : Server informations, Datas, ... * SYBASE : Server informations, Datas, ... etc. And supports: * HTTPS support * Pre-Login * Proxy * Specify any HTTP headers(User-agent, Cookie, Referer and so on) * Bypass firewall setting * Auto-analyzing keyword * Detailed check options * Injection-points management etc. What's the differents to the others? * Easy-of-use : What I try to do is making pen-tester more care about result, not the process. All you should do is clicking the buttons. * Amazing Speed : so many people told you things about brute sql injection, is it really necessary? Forget char-by-char, we can row-by-row(of cource, not every injection-point can do this)? * The exact check mothod : do you really think automated tools like AWVS,APPSCAN can find all injection-points? So, whatever, just check it out, and then enjoy your feeling ;) More information : http://www.nosec.org/web/index.php?q=pangolin Download : http://seclab.nosec.org/security/pangolin_bin.rar Declare: Pangolin is designed for security testing by pen-tester when he has been authorized. DO NOT attack any website viciously or accept the consequences!!! ------------------------------------------------------------------------ 2008年薪水翻倍技巧 <http://doc.go.sohu.com/200802/5e1b674ab8183f3db8baba8ee4c6dd53.php> *用搜狗拼音写邮件,体验更流畅的中文输入>> <http://goto.mail.sohu.com/goto.php3?code=mailadt-ta> ------------------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Pangolin v1.2.590 - The best SQL injector you've ever seen, (continued)
- Re: Pangolin v1.2.590 - The best SQL injector you've ever seen davidrook (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen josh (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Micheal Cottingham (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Tim Kunschke (Mar 26)
- Message not available
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Ricardo Giorgi (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Micheal Cottingham (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Tim Kunschke (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Russ McRee (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Micheal Cottingham (Mar 26)
- Re: Pangolin v1.2.590 - The best SQLinjector you've ever seen Luther D. Anderson (Mar 27)