[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Pangolin v1.2.590 - The best SQL injector you've ever seen

From: <zwell@xxxxxxxx>
Subject: [WEB SECURITY] Pangolin v1.2.590 - The best SQL injector you've ever seen
Date: Wed, 26 Mar 2008 22:14:58 +0800 (CST)

------=_Part_939_3338956.1206540898809
Content-Type: multipart/alternative; 
	boundary="----=_Part_938_7672578.1206540898808"

------=_Part_938_7672578.1206540898808
Content-Type: text/plain; charset="GB2312"
Content-Transfer-Encoding: 8bit

<p>Pangolin is a GUI tool running on Windows to perform as more as possible pen-testing through SQL injection. This version now supports following databases and operations:</p><p>* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser...<br />* MYSQL : Server informations, Datas, Read file, Write file...<br />* ORACLE : Server informations, Datas, Accounts cracking...<br />* PGSQL : Server informations, Datas, Read file...<br />* DB2 : Server informations, Datas, ...<br />* INFORMIX : Server informations, Datas, ...<br />* SQLITE : Server informations, Datas, ...<br />* ACCESS : Server informations, Datas, ...<br />* SYBASE : Server informations, Datas, ...<br />etc.</p><p>And supports:<br />* HTTPS support<br />* Pre-Login<br />* Proxy<br />* Specify any HTTP headers(User-agent, Cookie, Referer and so on)<br />* Bypass firewall setting<br />* Auto-analyzing keyword<br />* Detailed check options<br />* Injection-points management<br />etc.</p><p>What's the differents to the others?<br />* Easy-of-use : What I try to do is making pen-tester more care about result, not the process. All you should do is clicking the buttons.<br />* Amazing Speed : so many people told you things about brute sql injection, is it really necessary? Forget char-by-char, we can row-by-row(of cource, not every injection-point can do this)?<br />* The exact check mothod : do you really think automated tools like AWVS,APPSCAN can find all injection-points?</p><p>So, whatever, just check it out, and then enjoy your feeling ;)<br />More information : http://www.nosec.org/web/index.php?q=pangolin<br />Download : http://seclab.nosec.org/security/pangolin_bin.rar</p><p>Declare: Pangolin is designed for security testing by pen-tester when he has been authorized. DO NOT attack any website viciously or accept the consequences!!!</p>
------=_Part_938_7672578.1206540898808
Content-Type: text/html
Content-Transfer-Encoding: 8bit

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=GB2312"></head>
<body>
<!--SOHUMAIL_HTML_HEAD_END--><p>Pangolin is a GUI tool running on Windows to perform as more as possible pen-testing through SQL injection. This version now supports following databases and operations:</p><p>* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser...<br />* MYSQL : Server informations, Datas, Read file, Write file...<br />* ORACLE : Server informations, Datas, Accounts cracking...<br />* PGSQL : Server informations, Datas, Read file...<br />* DB2 : Server informations, Datas, ...<br />* INFORMIX : Server informations, Datas, ...<br />* SQLITE : Server informations, Datas, ...<br />* ACCESS : Server informations, Datas, ...<br />* SYBASE : Server informations, Datas, ...<br />etc.</p><p>And supports:<br />* HTTPS support<br />* Pre-Login<br />* Proxy<br />* Specify any HTTP headers(User-agent, Cookie, Referer and so on)<br />* Bypass firewall setting<br />* Auto-analyzing keyword<br />* Detailed check options<br />* Injection-points management<br />etc.</p><p>What's the differents to the others?<br />* Easy-of-use : What I try to do is making pen-tester more care about result, not the process. All you should do is clicking the buttons.<br />* Amazing Speed : so many people told you things about brute sql injection, is it really necessary? Forget char-by-char, we can row-by-row(of cource, not every injection-point can do this)?<br />* The exact check mothod : do you really think automated tools like AWVS,APPSCAN can find all injection-points?</p><p>So, whatever, just check it out, and then enjoy your feeling ;)<br />More information : http://www.nosec.org/web/index.php?q=pangolin<br />Download : http://seclab.nosec.org/security/pangolin_bin.rar</p><p>Declare: Pangolin is designed for security testing by pen-tester when he has been authorized. DO NOT attack any website viciously or accept the consequences!!!</p><br><br><div class="idiograph" style="border:0px #A74A1E solid"><div class="w290"><div class="w134"></div><div class="w156"></div><div class="clear"></div></div></div><hr size=1><style type="text/css">
<!--
a {font-size:12px;color:black}
a:hover {font-size:12px;text-decoration:underline}
.b{font-family:Arial; font-size:80%; margin-bottom:2px;color:#0000CC}
.pp{font-family:Arial;font-size:10px}
-->
</style>
<table border=0>
<tr><td height=18>
<a href="http://doc.go.sohu.com/200802/5e1b674ab8183f3db8baba8ee4c6dd53.php";  target=_blank>2008年薪水翻倍技巧</a>
<tr><td height=18><a href="http://goto.mail.sohu.com/goto.php3?code=mailadt-ta"; target="_blank">*用搜狗拼音写邮件，体验更流畅的中文输入>></a>
</td></tr>
</table>
<!--SOHUMAIL_HTML_TAIL_END--></body>
</html>
------=_Part_938_7672578.1206540898808--

------=_Part_939_3338956.1206540898809--

Follow-Ups:
- Re: [WEB SECURITY] Pangolin v1.2.590 - The best SQL injector you've ever seen
  - From: robert
- Re: [WEB SECURITY] Pangolin v1.2.590 - The best SQL injector you've ever seen (shipped with rbot and loaders?)
  - From: ascii

Prev by Date: RE: [WEB SECURITY] Query: Are Firewalls obsolete in an Enterprise Web Service Environment?
Next by Date: RE: [WEB SECURITY] UTF7 a requirement?
Previous by thread: [WEB SECURITY] Query: Are Firewalls obsolete in an Enterprise Web Service Environment?
Next by thread: Re: [WEB SECURITY] Pangolin v1.2.590 - The best SQL injector you've ever seen
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site