[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
- To: "A. Ramos" <aramosf@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Pangolin v1.2.590 - The best SQL injector you've ever seen
- From: "Razi Shaban" <razishaban@xxxxxxxxx>
- Date: Wed, 26 Mar 2008 19:01:35 +0200
Hmm...
Backdoors eh?
Nice try.
--
razi
On 3/26/08, A. Ramos <aramosf@xxxxxxxxx> wrote:
> Take a look over:
> http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
>
>
>
> 2008/3/26 <zwell@xxxxxxxx>:
>
> >
> >
> >
> >
> > Pangolin is a GUI tool running on Windows to perform as more as possible
> > pen-testing through SQL injection. This version now supports following
> > databases and operations:
> >
> > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
> > Download file, Read file, File Browser...
> > * MYSQL : Server informations, Datas, Read file, Write file...
> > * ORACLE : Server informations, Datas, Accounts cracking...
> > * PGSQL : Server informations, Datas, Read file...
> > * DB2 : Server informations, Datas, ...
> > * INFORMIX : Server informations, Datas, ...
> > * SQLITE : Server informations, Datas, ...
> > * ACCESS : Server informations, Datas, ...
> > * SYBASE : Server informations, Datas, ...
> > etc.
> >
> > And supports:
> > * HTTPS support
> > * Pre-Login
> > * Proxy
> > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
> > * Bypass firewall setting
> > * Auto-analyzing keyword
> > * Detailed check optio ns
> > * Injection-points management
> > etc.
> >
> > What's the differents to the others?
> > * Easy-of-use : What I try to do is making pen-tester more care about
> > result, not the process. All you should do is clicking the buttons.
> > * Amazing Speed : so many people told you things about brute sql injection,
> > is it really necessary? Forget char-by-char, we can row-by-row(of cource,
> > not every injection-point can do this)?
> > * The exact check mothod : do you really think automated tools like
> > AWVS,APPSCAN can find all injection-points?
> >
> > So, whatever, just check it out, and then enjoy your feeling ;)
> > More information : http://www.nosec.org/web/index.php?q=pangolin
> > Download : http://seclab.nosec.org/security/pangolin_bin.rar
> >
> > Declare: Pangolin is designed for security testing by pen-tester when he
> has
> > been authorized. DO NOT attack any website viciously or accept the
> > consequences!!!
> >
> >
> >
> > ________________________________
> >
> > 2008年薪水翻倍技巧
> > *用搜狗拼音写邮件,体验更流畅的中文输入>>
>
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
>
> --
> Alejandro Ramos / Alex -- (aramosf@xxxxxxxxx)
> molling://CISSP/GWAS/CISA
> http://www.unsec.net
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/