Re: [sqlmap-users] testing --os-shell
Brought to you by:
inquisb
From: Christian E. E. <c_e...@ya...> - 2009-04-26 14:59:42
|
Hello, sqlmap seems to have serious issue with the --os-shell option I have the same problem, [02:36:31] [INFO] testing for parenthesis on injectable parameter [02:36:34] [INFO] the injectable parameter requires 0 parenthesis [02:36:34] [INFO] testing MySQL [02:36:36] [INFO] confirming MySQL [02:36:37] [INFO] retrieved: 0 [02:36:54] [INFO] the back-end DBMS is MySQL web application technology: Apache 2.0.63, PHP 5.2..5 back-end DBMS: MySQL >= 5.0.0 [02:36:54] [INFO] testing stacked queries support on parameter 'noticiaID' [02:36:54] [INFO] detecting back-end DBMS version from its banner [02:36:54] [INFO] retrieved: 5.0.67 [02:38:36] [WARNING] the web application does not support stacked queries on parameter 'noticiaID' [02:38:36] [INFO] going to upload a web page backdoor for command execution [02:38:36] [INFO] retrieving web application directories [02:38:36] [WARNING] unable to retrieve the injectable file absolute system path [02:38:36] [WARNING] unable to retrieve the remote web server document root please provide the web server document root [/var/www]: please provide a list of directories absolute path comma separated that you want sqlmap to try to upload the agent [/var/www/test]: [02:38:51] [INFO] trying to upload the uploader agent [02:38:51] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the command line and the following text and send by e-mail to sqlmap-users@lists..sourceforge.net. The developer will fix it as soon as possible: sqlmap version: 0.7rc1 Python version: 2.5.2 Operating system: linux2 Traceback (most recent call last): File "./sqlmap.py", line 81, in main start() File "/home/ulises2k/programas/sqlmap-svn/lib/controller/controller.py", line 265, in start action() File "/home/ulises2k/programas/sqlmap-svn/lib/controller/action.py", line 140, in action conf.dbmsHandler.osShell() File "/home/ulises2k/programas/sqlmap-svn/plugins/generic/takeover.py", line 286, in osShell self.__webBackdoorOsShell() File "/home/ulises2k/programas/sqlmap-svn/plugins/generic/takeover.py", line 145, in __webBackdoorOsShell uploaderStr = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH, uploaderName)) NameError: global name 'fileToStr' is not defined [*] shutting down at: 02:38:51 --- Christian Eric Edjenguele IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect mobile (IT): +39 3408580513 ----- Messaggio originale ----- > Da: Nicolas Krassas <kr...@an...> > A: sql...@li... > Inviato: Domenica 26 aprile 2009, 8:22:00 > Oggetto: [sqlmap-users] testing --os-shell > > Hi, > Trying some test on --os-shell i'm getting the following error. > > sqlmap version: 0.7rc2 > Python version: 2.5.2 > Operating system: linux2 > Traceback (most recent call last): > File "./sqlmap.py", line 84, in main > start() > File "/root/sqlmap/lib/controller/controller.py", line 265, in start > action() > File "/root/sqlmap/lib/controller/action.py", line 140, in action > conf.dbmsHandler.osShell() > File "/root/sqlmap/plugins/generic/takeover.py", line 286, in osShell > self.__webBackdoorOsShell() > File "/root/sqlmap/plugins/generic/takeover.py", line 145, in > __webBackdoorOsShell > uploaderStr = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH, > uploaderName)) > NameError: global name 'fileToStr' is not defined > > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensign option that enables unlimited > royalty-free distribution of the report engine for externally facing > server and web deployment. > http://p.sf.net/sfu/businessobjects > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |