Thursday, 8 July 2010

Web Application Testing with Pangolin (Video & Screenshot)

Here is another new video “[1] Web Application Testing with Pangolin” (1024×768).

Similar to the previous video with [2] Matrixay, I am using a Chinese tool called Pangolin to extract the structure and content of a database (tables, columns, data) via a SQL Injection vulnerability in one of my vulnerable test applications.

Pangolin is a free product, but some of the versions of Pangolin on the web come with a backdoored libcurl.dll. This can be a dangerous side effect of using free tools in a company environment. You have been warned…

Sometimes it is difficult to find a download of Pangolin because the main website [3] www.nosec.org is currently under construction, but if you search a little bit you will be able to find a copy (e.g. via rapidshare). More details concerning Pangolin are available [4] here.

[5] Pangolin Web SQL Injection Tool

Pangolin supports all kinds of databases (Oracle, MSSQL, MySQL, Sybase, DB2, …).

More videos can be found in our [6] video section.

This article was printed from Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL to article: http://blog.red-database-security.com/2009/03/05/web-application-testing-with-pangolin-video-screenshot/

URLs in this post:
[1] Web Application Testing with Pangolin: http://www.red-database-security.com/videos/pangolin/webapp_testing_with_pangolin.html
[2] Matrixay: http://www.dbappsecurity.com/
[3] www.nosec.org: http://www.nosec.org/
[4] here: http://forum.darkc0de.com/index.php?action=vthread&forum=7&topic=5858
[5] Image: http://www.red-database-security.com/screenshot/pangolin.jpg
[6] video section: http://www.red-database-security.com/videos/oracle_videos.html