mailing list archives
:: BobCat Alpha v0.2 ::
From: Dave <dave () northern-monkee co uk>
Date: Fri, 03 Feb 2006 17:01:00 +0000
-----BEGIN PGP SIGNED MESSAGE-----
:: What is it? ::
BobCat is a tool to aid a security consultant in taking full advantage
of SQL injection vulnerabilities. It is based on a tool named "Data
Thief" that was published as PoC by appsecinc. BobCat can exploit SQL
injection bugs/opportunities in web applications, independent of
language, but dependent on MS SQL as the back end DB.
:: More Info ::
E-Mail: bobcat () northern-monkee co uk
:: Requirements ::
In order for BobCat to be useful you need the following:
a) an application that is vulnerable to SQL injection.
b) an MS SQL server/MSDE 2000 instance that is;
reachable from the client you are running bobcat from and;
reachable from the remote db that you are running commands on.
c) a privileged account on local DB (sa preferable).
:: Download ::
Download BobCat Alpha v0.2 from:
Accompanying tools can be obtained from:
:: Notes ::
Please report all grumbles, gripes and bugs to:
e-mail: bobcat () northern-monkee co uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- :: BobCat Alpha v0.2 :: Dave (Feb 03)