[WEB SECURITY] Pangolin v1.3.0.624 is out
- From: "Vincent Chao" <zwell.nosec@xxxxxxxxx>
- Subject: [WEB SECURITY] Pangolin v1.3.0.624 is out
- Date: Mon, 26 May 2008 00:42:16 +0800
Hi, all:
I’m glad to tell you that Pangolin, the wonderful SQL injection tool, has been updated to version 1.3.0.624. In this version, I’ve added some new functions in it, and fixed some bugs:
1. Added Oracle Remote Data Reader function
2. Multi-language supported
3. Fixed corrupted characters problem
4. Support MSSQL2005 now ( you know, how to restore stored procedure in MSSQL 2005)
5. Fixed proxy issues which cannot use localhost proxy
6. anything else......
You can download it from here: http://www.nosec.org/web/pangolin
Please feel free to contact us with any questions you may have, thanks ;)
=======================================================
Pangolin is a GUI tool running on Windows to perform as much pen-testing as possible through SQL injection. This version now supports the following databases and operations:
* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser...
* MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...
etc.
And supports:
* HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check options
* Injection-points management
etc.
What's the difference from the others?
* Ease-of-use : What I try to do is make the pen-tester care more about the result, not the process. All you should do is click the buttons.
* Amazing Speed : so many people told you things about brute SQL injection, is it really necessary? Forget char-by-char, we can row-by-row (of course, not every injection-point can do this)?
* The exact check method : do you really think automated tools like AWVS, APPSCAN can find all injection-points?
So, whatever, just check it out, and then enjoy your feeling ;)
Brought to you by http://www.webappsec.org