[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[WEB SECURITY] Pangolin is updated(1.2.5.604)

From: "Vincent Chao" <zwell.nosec@xxxxxxxxx>
Subject: [WEB SECURITY] Pangolin is updated(1.2.5.604)
Date: Sat, 17 May 2008 23:40:27 +0800
------=_NextPart_000_0042_01C8B877.690F2B80
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi, all:

I'm glad to tell you that Pangolin, the wonderful Sql injection tool, has
been updated to version 1.2.5.604. You can download it from here:
http://www.nosec.org/web/pangolin

Pangolin is a GUI tool running on Windows to perform as more as possible
pen-testing through SQL injection. This version now supports following
databases and operations:

* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
Download file, Read file, File Browser...
* MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...
etc.

And supports:
* HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check options
* Injection-points management
etc.

What's the differents to the others?
* Easy-of-use : What I try to do is making pen-tester more care about
result, not the process. All you should do is clicking the buttons.
* Amazing Speed : so many people told you things about brute sql injection,
is it really necessary? Forget char-by-char, we can row-by-row(of cource,
not every injection-point can do this)?
* The exact check mothod : do you really think automated tools like
AWVS,APPSCAN can find all injection-points?

So, whatever, just check it out, and then enjoy your feeling ;)

 


------=_NextPart_000_0042_01C8B877.690F2B80
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; =
xmlns=3D"http://www.w3.org/TR/REC-html40";>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:\5B8B\4F53;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:\5B8B\4F53;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@\5B8B\4F53";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	text-align:justify;
	text-justify:inter-ideograph;
	font-size:10.5pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	margin-top:7.2pt;
	margin-right:0cm;
	margin-bottom:14.4pt;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:\5B8B\4F53;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
 /* Page Definitions */
 @page Section1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DZH-CN link=3Dblue vlink=3Dpurple =
style=3D'text-justify-trim:punctuation'>

<div class=3DSection1>

<p style=3D'line-height:170%'><span lang=3DEN =
style=3D'font-size:9.0pt;line-height:
170%;font-family:"Verdana","sans-serif";color:black'>Hi, =
all:<o:p></o:p></span></p>

<p style=3D'line-height:170%'><span lang=3DEN =
style=3D'font-size:9.0pt;line-height:
170%;font-family:"Verdana","sans-serif";color:black'>I&#8217;m glad to =
tell you that Pangolin,
the wonderful Sql injection tool, has been updated to version 1.2.5.604. =
You
can download it from here: =
http://www.nosec.org/web/pangolin<o:p></o:p></span></p>

<p style=3D'line-height:170%'><span lang=3DEN =
style=3D'font-size:9.0pt;line-height:
170%;font-family:"Verdana","sans-serif";color:black'>Pangolin is a GUI =
tool
running on Windows to perform as more as possible pen-testing through =
SQL
injection. This version now supports following databases and =
operations:<o:p></o:p></span></p>

<p style=3D'line-height:170%'><span lang=3DEN =
style=3D'font-size:9.0pt;line-height:
170%;font-family:"Verdana","sans-serif";color:black'>* MSSQL : Server
informations, Datas, CMD execute, Regedit, Write file, Download file, =
Read
file, File Browser...<br>
* MYSQL : Server informations, Datas, Read file, Write file...<br>
* ORACLE : Server informations, Datas, Accounts cracking...<br>
* PGSQL : Server informations, Datas, Read file...<br>
* DB2 : Server informations, Datas, ...<br>
* INFORMIX : Server informations, Datas, ...<br>
* SQLITE : Server informations, Datas, ...<br>
* ACCESS : Server informations, Datas, ...<br>
* SYBASE : Server informations, Datas, ...<br>
etc.<o:p></o:p></span></p>

<p style=3D'line-height:170%'><span lang=3DEN =
style=3D'font-size:9.0pt;line-height:
170%;font-family:"Verdana","sans-serif";color:black'>And supports:<br>
* HTTPS support<br>
* Pre-Login<br>
* Proxy<br>
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)<br>
* Bypass firewall setting<br>
* Auto-analyzing keyword<br>
* Detailed check options<br>
* Injection-points management<br>
etc.<o:p></o:p></span></p>

<p style=3D'line-height:170%'><span lang=3DEN =
style=3D'font-size:9.0pt;line-height:
170%;font-family:"Verdana","sans-serif";color:black'>What's the =
differents to
the others?<br>
* Easy-of-use : What I try to do is making pen-tester more care about =
result,
not the process. All you should do is clicking the buttons.<br>
* Amazing Speed : so many people told you things about brute sql =
injection, is
it really necessary? Forget char-by-char, we can row-by-row(of cource, =
not
every injection-point can do this)?<br>
* The exact check mothod : do you really think automated tools like
AWVS,APPSCAN can find all injection-points?<o:p></o:p></span></p>

<p style=3D'line-height:170%'><span lang=3DEN =
style=3D'font-size:9.0pt;line-height:
170%;font-family:"Verdana","sans-serif";color:black'>So, whatever, just =
check
it out, and then enjoy your feeling ;)<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN><o:p>&nbsp;</o:p></span></p>

</div>

</body>

</html>

------=_NextPart_000_0042_01C8B877.690F2B80--
Prev by Date: [WEB SECURITY] widespread sql injection + javascript malware
Next by Date: [WEB SECURITY] Static Code Analysis... Problem/Solution
Previous by thread: [WEB SECURITY] widespread sql injection + javascript malware
Next by thread: [WEB SECURITY] Static Code Analysis... Problem/Solution
Index(es):
- Date
- Thread
Brought to you by http://www.webappsec.org
Search this site