[Full-disclosure] Unbelivable, Pangolin 3.2.3 free edition released



Thanks for http://3xploit.com/?p=90 good article, I am still using Pangolin
2.5.2 Free edition. The 3.2.3 is the latest version. :)



Pangolin 3.2.3 free edition released


Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool
for Website manager or IT Security analyst. Its goal is to detect and take
advantage of SQL injection vulnerabilities on web applications. Once it detects
one or more SQL injections on the target host, the user can choose among a
variety of options to perform an extensive back-end database management system
fingerprint, retrieve DBMS session user and database, enumerate users, password
hashes, privileges, databases, dump entire or users specific DBMS
tables/columns, run his own SQL statement, read specific files on the file
system and more.

Test many types of databases
Your web applications using Access,DB2,Informix,Microsoft SQL Server
2000,Microsoft SQL Server 2005,Microsoft SQL Server
2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase?
Pangolin supports all of them.
Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall
setting, Injection Digger, Data dumper, etc.

Download from http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Re: R: [Full-Disclosure] sql injection question
    ... to gain unauthorised access to this database. ... > Oggetto: sql injection question ... > Full-Disclosure - We believe in it. ...
    (Full-Disclosure)
  • Re: SQL Injection Characters Cleaning Function
    ... use ODBC to connect to and SQL server too. ... JET DB as it is not a an SQL Server db. ... It's still the WRONG way to address SQL injection threats -- the ... What if the developer of the GUI end doesn't know the details of the ODBC connection and/or if the database administration dept have changed out the db back-end? ...
    (microsoft.public.access.security)
  • Fixed
    ... I also found this article that gives the proper way to move system dbs in sql 2008: ... The model exists where the master states it exists. ... This is the error log prior to detaching the model database. ...
    (microsoft.public.sqlserver.server)
  • Re: CREATE AGGREGATE failed because type Concatenate does not conform to UDAGG specification due to
    ... Go to the Database tab and click on the browse button next to the connection string. ... In the New Database Reference dialog, enter the details for the database where you want to deploy the assembly and create the user defined aggregate. ... I'm trying to do some CLR integration with sql server 2005. ...
    (microsoft.public.sqlserver.programming)
  • CREATE AGGREGATE failed because type Concatenate does not conform to UDAGG specification due to meth
    ... Now register the assembly and the aggregate in the SQL Server database you want ... I'm trying to do some CLR integration with sql server 2005. ...
    (microsoft.public.sqlserver.programming)