Re: [sqlmap-users] shell upload
From: Miroslav S. <mir...@gm...> - 2011-04-25 08:58:12
Hi Ahmed.

Thanks for reporting. This will be fixed at the end of the week. It requires overwriting of some poorly written system methods.

Sending from Bernardo's place in London :)

KR

On Monday, April 25, 2011, Bernardo Damele A. G. <ber...@gm...> wrote:
> What is the language of the web application? Can you provide us
> privately with full output of -v 3 --flush-session please?
>
> Bernardo
>
> On 25 April 2011 09:31, Ahmed Shawky <ah...@is...> wrote:
>> it based uploading shell with the latest reversion (r3770) but here is
>> another issue
>>
>> [10:30:07] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3770), retry
>> your run with the latest development version from the Subversion repository.
>> If the exception persists, please send by e-mail to
>> sql...@li... the following text and any information
>> required to reproduce the bug. The developers will try to reproduce the bug,
>> fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev (r3770)
>> Python version: 2.7
>> Operating system: posix
>> Command line: ./sqlmap.py -u ******************************************************* -p id --text-only --cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn
>> Technique: UNION
>> Back-end DBMS: MySQL (fingerprinted)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 83, in main
>>     start()
>>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in start
>>     action()
>>   File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in action
>>     conf.dbmsHandler.osPwn()
>>   File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 245, in osPwn
>>     self.uploadShellcodeexec(web=web)
>>   File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 560, in uploadShellcodeexec
>>     self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote, self.webDirectory)
>>   File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in webFileUpload
>>     retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
>>   File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in __webFileStreamUpload
>>     page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)
>>   File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in getPage
>>     conn = multipartOpener.open(url, multipart)
>>   File "/usr/lib/python2.7/urllib2.py", line 391, in open
>>     response = self._open(req, data)
>>   File "/usr/lib/python2.7/urllib2.py", line 409, in _open
>>     '_open', req)
>>   File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
>>     result = func(*args)
>>   File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open
>>     return self.do_open(httplib.HTTPConnection, req)
>>   File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open
>>     h.request(req.get_method(), req.get_selector(), req.data, headers)
>>   File "/usr/lib/python2.7/httplib.py", line 946, in request
>>     self._send_request(method, url, body, headers)
>>   File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
>>     self.endheaders(body)
>>   File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
>>     self._send_output(message_body)
>>   File "/usr/lib/python2.7/httplib.py", line 801, in _send_output
>>     msg += message_body
>> UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396:
>> ordinal not in range(128)
>> [*] shutting down at: 10:30:07
>>
>> On Mon, Apr 25, 2011 at 10:27 AM, Ahmed Shawky <ah...@is...> wrote:
>>>
>>> there is an issue when sqlmap comes to shell upload via os-shell or
>>> os-pwn
>>> [10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry
>>> your run with the latest development version from the Subversion repository.
>>> If the exception persists, please send by e
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> PGP Key ID: 0x05F5A30F

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B