Full Disclosure: Re: Pangolin v1.2.590 - The best SQL injector you've ever seen

["Razi Shaban" <razishaban () gmail com>]

Hmm...
Backdoors eh?

Nice try.

--
razi

On 3/26/08, A. Ramos <aramosf () unsec net> wrote:
> Take a look over:
>  http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
>
>
>
>  2008/3/26  <zwell () sohu com>:
>
> >
>  >
>  >
>  >
>  > Pangolin is a GUI tool running on Windows to perform as more as possible
>  > pen-testing through SQL injection. This version now supports following
>  > databases and operations:
>  >
>  > * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
>  > Download file, Read file, File Browser...
>  > * MYSQL : Server informations, Datas, Read file, Write file...
>  > * ORACLE : Server informations, Datas, Accounts cracking...
>  > * PGSQL : Server informations, Datas, Read file...
>  > * DB2 : Server informations, Datas, ...
>  > * INFORMIX : Server informations, Datas, ...
>  > * SQLITE : Server informations, Datas, ...
>  > * ACCESS : Server informations, Datas, ...
>  > * SYBASE : Server informations, Datas, ...
>  > etc.
>  >
>  > And supports:
>  > * HTTPS support
>  > * Pre-Login
>  > * Proxy
>  > * Specify any HTTP headers(User-agent, Cookie, Referer and so on)
>  > * Bypass firewall setting
>  > * Auto-analyzing keyword
>  > * Detailed check optio ns
>  > * Injection-points management
>  > etc.
>  >
>  > What's the differents to the others?
>  > * Easy-of-use : What I try to do is making pen-tester more care about
>  > result, not the process. All you should do is clicking the buttons.
>  > * Amazing Speed : so many people told you things about brute sql injection,
>  > is it really necessary? Forget char-by-char, we can row-by-row(of cource,
>  > not every injection-point can do this)?
>  > * The exact check mothod : do you really think automated tools like
>  > AWVS,APPSCAN can find all injection-points?
>  >
>  > So, whatever, just check it out, and then enjoy your feeling ;)
>  > More information : http://www.nosec.org/web/index.php?q=pangolin
>  > Download : http://seclab.nosec.org/security/pangolin_bin.rar
>  >
>  > Declare: Pangolin is designed for security testing by pen-tester when he has
>  > been authorized. DO NOT attack any website viciously or accept the
>  > consequences!!!
>  >
>  >
>  >
>  > ________________________________
>  >
>  >  2008年薪水翻倍技巧
>  > *用搜狗拼音写邮件，体验更流畅的中文输入>>
>
> > _______________________________________________
>  >  Full-Disclosure - We believe in it.
>  >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >  Hosted and sponsored by Secunia - http://secunia.com/
>  >
>
>
>
>
>  --
>  Alejandro Ramos / Alex -- (aramosf () unsec net)
>  molling://CISSP/GWAS/CISA
>  http://www.unsec.net
>
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/