[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <26d709760803260904s4c128098n23e624204d6a9801@mail.gmail.com>
Date: Wed, 26 Mar 2008 17:04:04 +0100
From: "A. Ramos" <aramosf@...ec.net>
To: zwell@...u.com
Cc: full-disclosure@...ts.grok.org.uk, webappsec@...urityfocus.com
Subject: Re: Pangolin v1.2.590 - The best SQL injector
you've ever seen
Take a look over:
http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
2008/3/26 <zwell@...u.com>:
>
>
>
>
> Pangolin is a GUI tool running on Windows to perform as more as possible
> pen-testing through SQL injection. This version now supports following
> databases and operations:
>
> * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
> Download file, Read file, File Browser...
> * MYSQL : Server informations, Datas, Read file, Write file...
> * ORACLE : Server informations, Datas, Accounts cracking...
> * PGSQL : Server informations, Datas, Read file...
> * DB2 : Server informations, Datas, ...
> * INFORMIX : Server informations, Datas, ...
> * SQLITE : Server informations, Datas, ...
> * ACCESS : Server informations, Datas, ...
> * SYBASE : Server informations, Datas, ...
> etc.
>
> And supports:
> * HTTPS support
> * Pre-Login
> * Proxy
> * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
> * Bypass firewall setting
> * Auto-analyzing keyword
> * Detailed check optio ns
> * Injection-points management
> etc.
>
> What's the differents to the others?
> * Easy-of-use : What I try to do is making pen-tester more care about
> result, not the process. All you should do is clicking the buttons.
> * Amazing Speed : so many people told you things about brute sql injection,
> is it really necessary? Forget char-by-char, we can row-by-row(of cource,
> not every injection-point can do this)?
> * The exact check mothod : do you really think automated tools like
> AWVS,APPSCAN can find all injection-points?
>
> So, whatever, just check it out, and then enjoy your feeling ;)
> More information : http://www.nosec.org/web/index.php?q=pangolin
> Download : http://seclab.nosec.org/security/pangolin_bin.rar
>
> Declare: Pangolin is designed for security testing by pen-tester when he has
> been authorized. DO NOT attack any website viciously or accept the
> consequences!!!
>
>
>
> ________________________________
>
> 2008年薪水翻倍技巧
> *用搜狗拼音写邮件,体验更流畅的中文输入>>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Alejandro Ramos / Alex -- (aramosf@...ec.net)
molling://CISSP/GWAS/CISA
http://www.unsec.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists