Full Disclosure mailing list archives
:: BobCat Alpha v0.2 ::
From: Dave <dave () northern-monkee co uk>
Date: Fri, 03 Feb 2006 17:01:00 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 :: What is it? :: BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB. :: More Info :: Site: http://www.northern-monkee.co.uk/ Project: http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html E-Mail: bobcat () northern-monkee co uk :: Requirements :: In order for BobCat to be useful you need the following: a) an application that is vulnerable to SQL injection. b) an MS SQL server/MSDE 2000 instance that is; reachable from the client you are running bobcat from and; reachable from the remote db that you are running commands on. c) a privileged account on local DB (sa preferable). :: Download :: Download BobCat Alpha v0.2 from: http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.2.zip http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.2.rar Accompanying tools can be obtained from: http://www.northern-monkee.co.uk/projects/bobcat/bin/Tools.zip http://www.northern-monkee.co.uk/projects/bobcat/bin/Tools.rar :: Notes :: Please report all grumbles, gripes and bugs to: e-mail: bobcat () northern-monkee co uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD44xLCq8ddNLLSusRAkFNAKCV/sCG1OzHZbKAP28tF+VB1spBQQCfURFH cfwtlZvDswSqpcxfE+H3MhQ= =xvfX -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- :: BobCat Alpha v0.2 :: Dave (Feb 03)