Thursday, 8 July 2010

Web Application Testing with Pangolin (Video & Screenshot)

Here is another new video “[1] Web Application Testing with Pangolin” (1024×768).

Similar to the previous video with [2] Matrixay, I am using a Chinese tool called Pangolin to extract the structure and content of a database (tables, columns, data) via a SQL injection vulnerability in one of my vulnerable test applications.

Pangolin is a free product, but some of the versions of Pangolin on the web come with a backdoored libcurl.dll. This can be a dangerous side effect of using free tools in a company environment. You have been warned…

Sometimes it is difficult to find a download of Pangolin because the main website [3] is currently under construction, but if you search a little you will be able to find a copy (e.g. via RapidShare). More details concerning Pangolin are available [4] here.

[5] Pangolin Web SQL Injection Tool

Pangolin supports all kinds of databases (Oracle, MSSQL, MySQL, Sybase, DB2, …).

More videos can be found in our [6] video section.

This article was printed from Alexander Kornbrust Oracle Security Blog:

URL to article:

URLs in this post:
[1] Web Application Testing with Pangolin:
[2] Matrixay:
[4] here:
[5] Image:
[6] video section: