Re: [sqlmap-users] backdoor file permission
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] backdoor file permission
|
From: Sergio C. Jr. <ser...@gm...> - 2011-06-05 14:26:13
|
Miroslav, In my case, I can access the file uploader, but I can't upload any files (even text files) from the file uploader. I agree I can't upload bin files in this case, but what about php files or text files? The gargabe at the beggning will not affect them, I think. Is that any way to upload these files in the same way as the file stager via sqlmap? Thanks. 2011/6/5 Miroslav Stampar <mir...@gm...> > Hi sergio. > > Answer to your question is NO. Why? Because while injecting file uploader > you'll get few chars of garbage (at least in union injection case) at the > start of file which are of not so importance for the uploader script itself, > and the file itself must be textual. Uploading any arbitrary file, without > garbage at the beggining, especially binary, is not possible via sql > injection. > > Kr > On 5.6.2011. 06:12, "Sergio Charpinel Jr." <ser...@gm...> > wrote: > > Hi, > > > > In a pentest, I could upload the web file stager but not the web > backdoor. > > Why this happens? I mean, isn't it possible to upload the backdoor in the > > same way the file stagger is uploaded? > > > > Thanks in advance. > > > > -- > > Sergio Roberto Charpinel Jr. > -- Sergio Roberto Charpinel Jr. |
