Re: [sqlmap-users] testing --os-shell

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,
sqlmap seems to have serious issue with the --os-shell option
I have the same problem,

 [02:36:31] [INFO] testing for parenthesis on injectable parameter
 [02:36:34] [INFO] the injectable parameter requires 0 parenthesis
 [02:36:34] [INFO] testing MySQL
 [02:36:36] [INFO] confirming MySQL
 [02:36:37] [INFO] retrieved: 0
 [02:36:54] [INFO] the back-end DBMS is MySQL

 web application technology: Apache 2.0.63, PHP 5.2..5
 back-end DBMS: MySQL >= 5.0.0

 [02:36:54] [INFO] testing stacked queries support on parameter 'noticiaID'
 [02:36:54] [INFO] detecting back-end DBMS version from its banner
 [02:36:54] [INFO] retrieved: 5.0.67
 [02:38:36] [WARNING] the web application does not support stacked
 queries on parameter 'noticiaID'
 [02:38:36] [INFO] going to upload a web page backdoor for command execution
 [02:38:36] [INFO] retrieving web application directories
 [02:38:36] [WARNING] unable to retrieve the injectable file absolute system 
 path
 [02:38:36] [WARNING] unable to retrieve the remote web server document root
 please provide the web server document root [/var/www]:
 please provide a list of directories absolute path comma separated
 that you want sqlmap to try to upload the agent [/var/www/test]:
 [02:38:51] [INFO] trying to upload the uploader agent
 [02:38:51] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy
 the command line and the following text and send by e-mail to
 sql...@li.... The developer will fix it as soon
 as possible:
 sqlmap version: 0.7rc1
 Python version: 2.5.2
 Operating system: linux2
 Traceback (most recent call last):
  File "./sqlmap.py", line 81, in main
    start()
  File "/home/ulises2k/programas/sqlmap-svn/lib/controller/controller.py",
 line 265, in start
    action()
  File "/home/ulises2k/programas/sqlmap-svn/lib/controller/action.py",
 line 140, in action
    conf.dbmsHandler.osShell()
  File "/home/ulises2k/programas/sqlmap-svn/plugins/generic/takeover.py",
 line 286, in osShell
   self.__webBackdoorOsShell()
  File "/home/ulises2k/programas/sqlmap-svn/plugins/generic/takeover.py",
 line 145, in __webBackdoorOsShell
    uploaderStr  = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH, uploaderName))
 NameError: global name 'fileToStr' is not defined

 [*] shutting down at: 02:38:51


 ---
Christian Eric Edjenguele
IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect
mobile (IT): +39 3408580513


----- Messaggio originale -----
> Da: Nicolas Krassas <kr...@an...>
> A: sql...@li...
> Inviato: Domenica 26 aprile 2009, 8:22:00
> Oggetto: [sqlmap-users] testing --os-shell
> 
> Hi,
>     Trying some test on --os-shell i'm getting the following error.
> 
> sqlmap version: 0.7rc2
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
>   File "./sqlmap.py", line 84, in main
>     start()
>   File "/root/sqlmap/lib/controller/controller.py", line 265, in start
>     action()
>   File "/root/sqlmap/lib/controller/action.py", line 140, in action
>     conf.dbmsHandler.osShell()
>   File "/root/sqlmap/plugins/generic/takeover.py", line 286, in osShell
>     self.__webBackdoorOsShell()
>   File "/root/sqlmap/plugins/generic/takeover.py", line 145, in 
> __webBackdoorOsShell
>     uploaderStr  = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH, 
> uploaderName))
> NameError: global name 'fileToStr' is not defined
> 
> 
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensign option that enables unlimited
> royalty-free distribution of the report engine for externally facing 
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users