Showing posts sorted by date for query PostgreSQL.

Debian Linux 7.0 Code Named 'Wheezy' Released & Available For Download

Debian Linux 7.0 Code Named 'Wheezy' Released & Added  Multiarch Support, Several Specific Tools

Debian was once one of the most popular Linux distributions and drew the most attention. Nowadays the craze for this flavor has faded a little, but as the foundation for other, more popular Linux distributions such as Mint, Ubuntu and a few pen-testing distros, Debian still has value, so upgrades and new releases of this Linux flavor remain very important. Today I will talk about the new release of Debian Linux, version 7.0, code named 'Wheezy'. After many months of constant development, the developers at the Debian project proudly announced the general availability of the next version of this major Linux distribution, Debian 7.0 aka 'Wheezy'.

According to the release note, this new version of Debian includes various interesting features such as multiarch support, several specific tools to deploy private clouds, an improved installer, and a complete set of multimedia codecs and front-ends which remove the need for third-party repositories. Multiarch support, one of the main release goals for Wheezy, will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically.

The installation process has been greatly improved: Debian can now be installed using software speech, above all by visually impaired people who do not use a Braille device. Thanks to the combined efforts of a huge number of translators, the installation system is available in 73 languages, and more than a dozen of them are available for speech synthesis too. In addition, for the first time, Debian supports installation and booting using UEFI for new 64-bit PCs (amd64), although there is no support for Secure Boot yet.

This Release Includes Numerous Updated Software Packages, Such as:-
  • Apache 2.2.22
  • Asterisk 1.8.13.1
  • GIMP 2.8.2
  • An updated version of the GNOME desktop environment 3.4
  • GNU Compiler Collection 4.7.2
  • Icedove 10 (an unbranded version of Mozilla Thunderbird)
  • Iceweasel 10 (an unbranded version of Mozilla Firefox)
  • KDE Plasma Workspaces and KDE Applications 4.8.4
  • kFreeBSD kernel 8.3 and 9.0
  • LibreOffice 3.5.4
  • Linux 3.2
  • MySQL 5.5.30
  • Nagios 3.4.1
  • OpenJDK 6b27 and 7u3
  • Perl 5.14.2
  • PHP 5.4.4
  • PostgreSQL 9.1
  • Python 2.7.3 and 3.2.3
  • Samba 3.6.6
  • Tomcat 6.0.35 and 7.0.28
  • Xen Hypervisor 4.1.4
  • The Xfce 4.8 desktop environment
  • X.Org 7.7

Along with these, more than 36,000 other ready-to-use software packages, built from nearly 17,500 source packages, are also included in Debian Linux 7.0. So after reading about all those cool features, what are you waiting for? Download the installation image via BitTorrent (the recommended method), jigdo, or HTTP.







PostgreSQL Fixed “Persistent Denial-of-Service” Vulnerability (CVE-2013-1899)

PostgreSQL Fixed 'High-Exposure Security Vulnerability' Causing Denial-of-Service Attack (CVE-2013-1899)

Security researchers have yet again found a serious security hole in one of the most widely used object-relational database management systems, PostgreSQL, also known as Postgres. By manipulating the loophole an attacker can easily corrupt files and, in some cases, execute malicious code on underlying servers, causing a "persistent denial-of-service" attack. By corrupting the files an attacker can cause the database server to crash and refuse to reboot. Affected servers can only be restarted by removing garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable.

As soon as this vulnerability was spotted, the developers at PostgreSQL immediately released updates addressing a "high-exposure security vulnerability in versions 9.0 and later." The updates are available for the 9.0, 9.1, and 9.2 branches, as well as 8.4. These updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012. According to the developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center." In addition to the fix for one major security issue, the updates also include four more minor security fixes, as well as fixes for other, non-security-related issues.

Some of these fixes include:
  • A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;
  • A vulnerability that would allow unprivileged users to interfere with backups;
  • Security issues involving the OS X and Linux installers;
  • Various issues with GiST indices;
  • An issue related to crash recovery; and
  • Memory and buffer leaks, among others.

The complete list of fixes and enhancements in each version can be found on the PostgreSQL release notes archive page. The patched PostgreSQL 9.2.4, 9.1.9, 9.0.13, and 8.4.17 are available now at the download page. While talking about this fix, we would like to remind you that late last year another security vulnerability hit the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. Those security holes were associated with libxml2 and libxslt: a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension.



-Source (Campus Technology & The-H)
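A defensive check for the CVE-2013-1899 condition quoted above, usable at a proxy or when reviewing captured traffic: it parses a PostgreSQL protocol 3.0 startup message and reports a requested database name that begins with "-". This is an added example, not code from PostgreSQL or from the original post; the function names, the size cap and the sample packets are constructed for illustration.

```python
import struct

PROTOCOL_V3 = 196608       # protocol 3.0 (3 << 16) in a StartupMessage
SSL_REQUEST = 80877103     # SSLRequest code: no parameters follow
CANCEL_REQUEST = 80877102  # CancelRequest code: no parameters follow
MAX_LEN = 10000            # assumption: size cap chosen for this example


def parse_startup(packet: bytes) -> dict:
    """Return the parameters of a v3 StartupMessage as a dict.

    Raises ValueError for truncated, oversized or non-startup packets.
    """
    if len(packet) < 8:
        raise ValueError("truncated header")
    length, code = struct.unpack("!II", packet[:8])
    if length != len(packet) or length > MAX_LEN:
        raise ValueError("length field does not match packet")
    if code in (SSL_REQUEST, CANCEL_REQUEST):
        raise ValueError("not a StartupMessage")
    if code != PROTOCOL_V3:
        raise ValueError("unsupported protocol version")

    # Body: NUL-terminated name/value strings, then one final NUL byte.
    body = packet[8:]
    if not body or body[-1] != 0:
        raise ValueError("missing list terminator")
    fields = body[:-1].split(b"\x00")
    if fields.pop() != b"":
        raise ValueError("unterminated string")
    if len(fields) % 2:
        raise ValueError("parameter name without value")
    return {k.decode("utf-8", "replace"): v.decode("utf-8", "replace")
            for k, v in zip(fields[0::2], fields[1::2])}


def flagged_database(packet: bytes):
    """Return the effective database name if it starts with '-', else None."""
    params = parse_startup(packet)
    # The protocol defaults the database to the user name when it is omitted.
    db = params.get("database") or params.get("user", "")
    return db if db.startswith("-") else None


def frame(params: dict) -> bytes:
    """Build a constructed sample StartupMessage for the checks below."""
    body = b"".join(k.encode() + b"\x00" + v.encode() + b"\x00"
                    for k, v in params.items()) + b"\x00"
    return struct.pack("!II", 8 + len(body), PROTOCOL_V3) + body


# Constructed sample packets (not captured traffic).
SAMPLE_OK = frame({"user": "app", "database": "inventory"})
SAMPLE_DASH = frame({"user": "app", "database": "-constructed"})
SAMPLE_SSL = struct.pack("!II", 8, SSL_REQUEST)

if __name__ == "__main__":
    for name, pkt in [("ok", SAMPLE_OK), ("dash", SAMPLE_DASH),
                      ("ssl", SAMPLE_SSL)]:
        try:
            hit = flagged_database(pkt)
            print(name, "FLAG " + repr(hit) if hit else "clean")
        except ValueError as exc:
            print(name, "skipped:", exc)
```

A hit on a server older than the patched 9.2.4, 9.1.9 or 9.0.13 releases named in the post is a reason to check the data directory and restrict access to the listening port until the update is applied.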









Jadavpur University Official Website is Vulnerable to Sql Injection


An ethical hacker from India named Chirag Singh has found serious loopholes in the official website of Jadavpur University, one of the most renowned and prestigious universities of India. Chirag found a blind SQL injection vulnerability which can be exploited for malicious purposes in order to harm the website and gain access. From the vulnerability report submitted by the hacker, it has been found that the web server of Jadavpur University is running Red Hat Enterprise Linux 5 (Tikanga), the web application technologies are Apache 2.2.3 and PHP 5.1.6, and the back-end database is PostgreSQL. The hacker also managed to dump 11 databases with more than 215 tables, as shown in the picture below.

This issue has already been reported to the person concerned and the webmaster of Jadavpur University, and for security and privacy reasons we are not exposing or mentioning the vulnerable link and the dumped database.








PostgreSQL Patches Vulnerability in The built-in XML & XSLT (CVE-2012-3488,3489)


PostgreSQL Global Development Group released security updates for all active branches of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update patches security holes associated with libxml2 and libxslt, similar to those affecting other open source projects. All users are urged to update their installations at the first available opportunity. This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow reading of arbitrary files by any authenticated database user, and the XSLT vulnerability allows writing files as well. The fixes cause limited backwards compatibility issues. These issues correspond to the following two vulnerabilities:
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including:
  • Updates and corrections to time zone data
  • Multiple documentation updates and corrections
  • Add limit on max_wal_senders
  • Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
  • Correct behavior of unicode conversions for PL/Python
  • Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
  • Fix syslogger so that log_truncate_on_rotation works in the first rotation.
  • Only allow autovacuum to be auto-canceled by a directly blocked process.
  • Improve fsync request queue operation
  • Prevent corner-case core dump in rfree().
  • Fix Walsender so that it responds correctly to timeouts and deadlocks
  • Several PL/Perl fixes for encoding-related issues
  • Make selectivity operators use the correct collation
  • Prevent unsuitable slaves from being selected for synchronous replication
  • Make REASSIGN OWNED work on extensions as well
  • Fix race condition with ENUM comparisons
  • Make NOTIFY cope with out-of-disk-space
  • Fix memory leak in ARRAY subselect queries
  • Reduce data loss at replication failover
  • Fix behavior of subtransactions with Hot Standby
Users who are relying on the built-in XML functionality to validate external DTDs will need to implement a workaround, as this security patch disables that functionality. Users who are using xslt_process() to fetch documents or stylesheets from external URLs will no longer be able to do so. The PostgreSQL project regrets the need to disable both of these features in order to maintain our security standards. These security issues with XML are substantially similar to issues patched recently by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and PHP5 (CVE-2012-0057) projects. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Perform post-update steps after the database is restarted. All supported versions of PostgreSQL are affected. You can download the new versions now at the main download page.





Havij v1.16 Advanced & Automated SQL Injection Tool Released

One of the most preferred and widely used SQL injectors, Havij, has released another updated version (v1.16). In the middle of last year the ITSec team made Havij 1.15 available, so after one year of hard work we now have the next edition of this marvellous SQL-i tool. As per survey, Havij is listed as one of the finest and most widely used tools for finding SQL Injection vulnerabilities on a web page. It has been thoroughly used by hackers along with penetration testers over the whole spectrum.

Brief About Havij :- It can take advantage of a vulnerable web application. By using this software a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij. The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.

New Features :-
  • Multithreading
  • Oracle Blind injection method.
  • Automatic all parameter scan added.
  • New blind injection method (no more ? char.)
  • Retry for blind injection.
  • A new method for tables/columns extraction in mssql blind.
  • A WAF bypass method for mysql blind.
  • Getting tables and columns even when can not get current database.
  • Auto save log.
Bug Fixed:- 
  • url encode bug fixed.
  • Trying time based methods when mssql error based and union based fail.
  • Clicking get columns would delete all tables.
  • Resetting time based method delay when applying settings.
  • Oracle and PostgreSQL detection

For additional information & to Download Havij v1.16 Click Here 
 



Debian GNU/Linux 6.0.5 Released


The developers at the Debian project are pleased to announce the fifth update of its stable distribution, Debian 6.0, codenamed squeeze. According to the project release, this update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available. If you have Debian 6.0.x already installed, it is not necessary to reinstall; you only need to install all the latest updates from your nearest mirror site.

What's new in Debian GNU/Linux 6.0.2:-
  • aide: Properly support large files on 32-bit systems; fix group for bind9 log files
  • approx: Don't try caching InRelease or non-.gz compressed files
  • apr: Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on kfreebsd-*
  • apt: Fix file size calculation on big-endian arches; don't prompt for CD re-insertion on "apt-get update"; add XZ support
  • apt-listchanges: Correctly handle NEWS files containing only one entry
  • base-files: Update /etc/debian_version
  • clive: Adapt for liveleak.com changes
  • dbus: Fix local DoS for system services (CVE-2011-2200)
  • deborphan: Exclude libreoffice from --guess-section output; trap WINCH in a POSIX way; minor translation fixes
  • dokuwiki: Fix an ACL bypass issue in the XMLRPC interface
  • dpkg: Fix regression in 'dpkg-divert --rename'; dpkg-split: don't corrupt metadata on 32-bit systems; fix vsnprintf() compat declaration
  • e2fsprogs: Various bug fixes
  • fakechroot: Fix 'debootstrap --variant=fakechroot'
  • fcgiwrap: Fix init script's 'stop' target
  • gdm3: Reset SIGPIPE handler before starting the session; execute the PostSession script even when GDM is killed or shut down
  • git: Allow remove and purge in one step by terminating the git-daemon/log service before removing the gitlog user
  • gnome-settings-daemon: Work around possible race condition when starting Xsettings manager
  • ia32-libs: Refresh packages from stable and proposed-updates.
  • iceowl: Security updates
  • im-config: Avoid breaking login via GDM if im-config is removed but not purged
  • inn: Stop using 'sort +1n' in makehistory; disable outdated CHECK_INCLUDED_TEXT option by default
  • josm: Give more verbose explanation to users who haven't agreed to the new OSM license
  • kde4libs: Wildcard SSL certificate and XSS security fixes; ktar checksum and UTF-8 longlink fixes
  • kdenetwork: Improve fix for CVE-2010-1000 directory traversal issue
  • kernel-wedge: Add hpsa and pm8001 to scsi-extra-modules; add bna to nic-extra-modules
  • kerneltop: Increase line buffer size to 1024 bytes
  • klibc: ipconfig: escape DHCP options and correctly handle multiple connected network devices (CVE-2011-1930)
  • krb5: Fix DoS; fix interoperability with w2k8r2 KDCs; fix invalid free and double free; don't make authentication fail if PAC verification fails
  • kupfer: Use correct parameter type to allow keybindings to work again
  • libapache2-mod-perl2: Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • libburn: Don't create images with overly-restrictive permissions
  • libfinance-quotehist-perl: Disable test suite, broken by website changes
  • libmms: Fix alignment issues on arm
  • linux-2.6: New hardware support; add longterm 2.6.32.41; fix oops via corrupted partition tables
  • linux-kernel-di-amd64-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-armel-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-i386-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-ia64-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-mips-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-mipsel-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-powerpc-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-s390-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • linux-kernel-di-sparc-2.6: Rebuild against kernel-wedge 2.74+squeeze3
  • lua-expat: Fix the 'billion laughs' DoS attack
  • monkeysphere: Fix monkeysphere-host revoke-key
  • nagios-plugins: Allocate a big enough buffer to handle all IPs of hosts being pinged
  • nsd3: Remove statoverride before removing the package's user
  • openldap: Fix possible database corruption issues, several security issues and dpkg-reconfigure
  • php-svn: Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • php5: Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • pianobar: Update API keys for XMLRPC v30
  • postgresql-8.4: New upstream bugfix release; fix pg_upgrade use with TOAST tables
  • prosody: Fix the 'billion laughs' DoS attack
  • puppet: Fix service provider to properly use update-rc.d disable API
  • python-apt: Strip multiarch by default in RealParseDepends; add XZ support
  • python-gudev: Add missing dependency on python-gobject
  • q4wine: Stop shipping the library in lib64
  • qemu: Don't register qemu-mips(el) with binfmt on mips(el)
  • qemu-kvm: Fix division by 0 with some guests; fix vnc zlib overflow; don't abort on user hardware errors; fix migration on 32-bit
  • qt4-x11: Blacklist some fraudulent SSL certificates; fix weakness in wildcard certificate verification
  • rapidsvn: Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
  • refpolicy: Various permissions fixes
  • reprepro: Handle Release files which don't contain md5sums
  • ruby1.8: Fix upgrades from lenny by making libruby1.8 conflict/replace irb1.8 and rdoc1.8
  • samba: Fix undefined symbol error from tdb2.so; several printing related bugs and a gid leak in winbind / idmap. Document the new and potentially disruptive 'map untrusted to domain'
  • schroot: Fix loading of dchroot.conf
  • softhsm: Remove statoverride entries before the package's user
  • sun-java6: New upstream security update
  • tzdata: New upstream version
  • vimperator: Resolve compatibility issues with iceweasel
  • widelands: Fix potential security issue in Internet games
  • xenomai: Adapt kernel patch to apply cleanly to squeeze's kernel
  • xserver-xorg-video-tseng: Fix driver initialisation

To Download Debian 6.0 codenamed "squeeze" Click Here
  

-Source (Softpedia, Debian Project)


OpenBSD 5.1 Released With Better Hardware Support & Performance

Last year we got both FreeBSD & PCBSD 9, and a few months later we got the GhostBSD 2.5 final version. A couple of months ago a public beta of NetBSD 6.0 was released for testing purposes. Now it's the turn of OpenBSD: the OpenBSD project has made version 5.1 of its free BSD-based UNIX-like operating system available to download. The latest update to the distribution comes six months after the release of OpenBSD 5.0 and includes better hardware support, performance improvements and new features, as well as package upgrades.
Some Highlights:-
  • GNOME 3.2.1 (fallback mode)
  • KDE 3.5.10
  • Xfce 4.8.3
  • MySQL 5.1.60
  • PostgreSQL 9.1.2
  • Postfix 2.8.8
  • OpenLDAP 2.3.43 and 2.4.26
  • Mozilla Firefox 3.5.19, 3.6.25 and 9.0.1
  • Mozilla Thunderbird 9.0.1
  • GHC 7.0.4
  • LibreOffice 3.4.5.2
  • Emacs 21.4, 22.3 and 23.4
  • Vim 7.3.154
  • PHP 5.2.17 and 5.3.10
  • Python 2.5.4, 2.7.1 and 3.2.2
  • Ruby 1.8.7.357 and 1.9.3.0
  • Tcl/Tk 8.5.11
  • Jdk 1.7
  • Mono 2.10.6
  • Chromium 16.0.912.77
  • Groff 1.21 
Along with these we are getting OpenSSH 6.0, Xenocara (based on X.Org 7.6 with xserver 1.11.4 + patches, freetype 2.4.8, fontconfig 2.8.0, Mesa 7.10.3, xterm 276, xkeyboard-config 2.5 and more), OpenSSL 1.0.0f, Bind 9.4.2-P2, Gcc 4.2.1, Perl 5.12.2, Lynx 2.8.7rel.2 with HTTPS and IPv6 support, Sudo 1.7.2p8 & so on.  For additional information & to see the release note click here.

To Download OpenBSD 5.1 Click Here





Patator -A Multi-Purpose Brute-Forcer


Earlier we have talked several times about brute-force tools like THC-Hydra, Cain & Abel, Rainbow Crack and many more. Today we will discuss Patator, a multi-purpose brute-forcer written in Python, with a modular design and flexible usage. It can be modified and rewritten as per our environment requirements. Patator is licensed under GPLv2.

Modules Supported:-
ftp_login : Brute-force FTP
ssh_login : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login : Brute-force SMTP
smtp_vrfy : Enumerate valid users using the SMTP VRFY command
smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
http_fuzz : Brute-force HTTP/HTTPS
pop_passd : Brute-force poppassd (not POP3)
ldap_login : Brute-force LDAP
smb_login : Brute-force SMB
mssql_login : Brute-force MSSQL
oracle_login : Brute-force Oracle
mysql_login : Brute-force MySQL
pgsql_login : Brute-force PostgreSQL
vnc_login : Brute-force VNC
dns_forward : Forward lookup subdomains
dns_reverse : Reverse lookup subnets
snmp_login : Brute-force SNMPv1/2 and SNMPv3
unzip_pass : Brute-force the password of encrypted ZIP files
keystore_pass: Brute-force the password of Java keystore files

Features of Patator:-
  • No false negatives, as it is the user that decides what results to ignore based on:
      • status code of response
      • size of response
      • matching string or regex in response data
  • Modular design
      • not limited to network modules (eg. the unzip_pass module)
      • not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)
  • Interactive runtime
      • show verbose progress
      • pause/unpause execution
      • increase/decrease verbosity
      • add new actions & conditions during runtime in order to exclude more types of response from showing
  • Use persistent connections (ie. will test several passwords until the server disconnects)
  • Multi-threaded
  • Flexible user input
      • Any part of a payload is fuzzable:
          • use FILE[0-9] keywords to iterate on a file
          • use COMBO[0-9] keywords to iterate on the combo entries of a file
          • use NET[0-9] keywords to iterate on every host of a network subnet

To Download Patator Click Here 




SQLol -SQL-i Vulnerability Testing Framework


SQLol was released at the Austin Hackers Association meeting. SQLol is a configurable SQL injection testbed. It allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw. The author thought about different data extraction techniques from SQL injection flaws and found no vulnerability framework that includes SQLi verbose error extraction techniques. To be precise, the author never came across a vulnerability framework that includes SQL injection in a DELETE query. So, with this aim in mind, SQLol was born, specifically for SQL injection flaws. It can be useful to those who know nothing about SQL injection, or those who know a bit of it. SQLol comes with a set of challenges, with pre-configured settings, which help you practice some flavor of SQL injection.

Options:-
  • Type of query
  • Location within query
  • Type and level of sanitization
  • Level of query output
  • Verbosity of error messages
  • Visibility of query
  • Injection string entry point


Other Cool Things:-
  • Reset button
  • Challenges
  • Support for multiple database systems


Requirements:-
  • PHP 5.x
  • Web server
  • Database server (MySQL, PostgreSQL and SQLite have been tested, others may work)
  • ADODB library (included)

To Download SQLol Click Here





Pangolin 3.2.5 Released (SQL-i Testing Tool)


Pangolin is a penetration testing tool for SQL injection testing and database security. It finds SQL injection vulnerabilities. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
Supported Database:-
Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, Sqlite3, Sybase.
Features:-
  • HTTPS support
  • Pre-Login
  • Proxy
  • Specify any HTTP headers(User-agent, Cookie, Referer and so on)
  • Bypass firewall setting
  • Auto-analyzing keyword
  • Detailed check options
  • Injection-points management
  • Injection Digger
  • Data dumper
New Features of Pangolin 3.2.5:-
  • Auto-analyzing keywords before injecting with cookie.
  • Support for manually selecting keywords.
  • Release "oracle_data.php" to customize "Remote Data URL" when injecting Oracle.
To download Pangolin Click Here 



Famous SQL-i tool Havij v1.15 is now Available


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.


The New features of Havij 1.15 :-

Webknight WAF bypass added.
Bypassing mod_security made better
Unicode support added
A new method for tables/columns extraction in mssql
Continuing previous tables/columns extraction made available
Custom replacement added to the settings
Default injection value added to the settings (when using %Inject_Here%)
Table and column prefix added for blind injections
Custom table and column list added.
Custom time out added.
A new md5 cracker site added
Bugfix: a bug relating to SELECT command
Bugfix: finding string column
Bugfix: getting multi column data in mssql
Bugfix: finding mysql column count
Bugfix: wrong syntax in injection string type in MsAccess
Bugfix: false positive results were removed
Bugfix: data extraction in url-encoded pages
Bugfix: loading saved projects
Bugfix: some errors in data extraction in mssql fixed.
Bugfix: a bug in MsAccess when guessing tables and columns
Bugfix: a bug when using proxy
Bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
Bugfix: false positive in finding columns count
Bugfix: when mssql error based method failed
Bugfix: a bug in saving data
Bugfix: Oracle and PostgreSQL detection

To Download Havij 1.15 Click HERE


Safe3 SQL-Injector v.8.1 is now Available



Safe3 is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connection.

New Features and bug fix:
  • Full support for http, https website.
  • Full support for Basic, Digest, NTLM http authentications.
  • Full support for GET, Post, Cookie sql injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine to automatically recognize injection type, database type, and the best way of SQL injection.
  • Support to enumerate databases, tables, columns and data.
  • Support to read, list and write any file from the database server's underlying file system when the database software is MySQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support for IP domain query, web path guess, MD5 crack etc.
  • Support for sql injection scan.
Download Safe3 Sql Injector v.8.1 here

