Hi all,
There is an error in one of the regexes used to find absolute file paths in
order to upload a shell when 'stacked queries' are not available on the
parameter. The regex is "([\w]\:[\/\\\\]+)" located at line 76 of
file /sqlmap/lib/request. I don't know why (because I don't understand that
regex) but it always finds a positive match in "p:" and sometimes in "s:" and
gives it back as absolute file paths.
I think it is due to URL strings in the page code. The regex matches things
like "http:\\domain.com/whatever" and returns "p:" as a valid absolute path
(or "s:" if the URL is SSL). To avoid this maybe the regex can be changed to
"([\r\w]\:[\/\\\\]+)" if the real absolute file path is at the beginning of a
word.
This happens in version 7.0 and 0.8-dev1, and in version 0.8-dev1 there is
also something else wrong with --os-shell: after providing full paths and the
language that the server supports, it just can't connect to the server. This is
the output:
[20:25:18] [WARNING] unable to retrieve the web server document root
please provide the web server document root [/var/www/]:
[20:26:09] [WARNING] unable to retrieve any web server path
please provide any additional web server full path to try to upload the
agent [/var/www/test/]:
[20:26:51] [INFO] trying to upload the uploader agent
which web application language does the web server support?
[1] ASP
[2] PHP (default)
[3] JSP
> 2
[20:26:57] [WARNING] unable to connect to the target url or proxy, sqlmap is
going to retry the request
[20:26:58] [WARNING] unable to connect to the target url or proxy, sqlmap is
going to retry the request
[20:26:59] [WARNING] unable to connect to the target url or proxy, sqlmap is
going to retry the request
[20:27:00] [ERROR] unable to connect to the target url or proxy
This doesn't happen in version 7.0.
Cheers,
Nacho
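
Added example (not part of the original message and not sqlmap's own code): the quoted regex and the variant suggested above, run over constructed page content, beside a hypothetical stricter pattern that requires the drive letter not to follow another word character. It assumes the quoted patterns are ordinary Python string literals, so "\\\\" stands for one escaped backslash in the regex.

```python
import re

# Regex quoted in the message, written as a raw string (assumption: the quoted
# form is a normal Python string literal).
ORIGINAL = re.compile(r"([\w]\:[\/\\]+)")

# Variant suggested in the message, transcribed the same way.
PROPOSED = re.compile(r"([\r\w]\:[\/\\]+)")

# Hypothetical stricter pattern (not sqlmap's fix): one drive letter that is not
# preceded by a word character, so the tail of "http" or "https" cannot match.
STRICT = re.compile(r"(?<![\w])([A-Za-z]\:[\/\\]+)")

# Constructed sample page: two URLs plus an error message leaking two real paths.
SAMPLE_PAGE = (
    '<a href="http://domain.com/whatever">link</a>\n'
    '<img src="https://domain.com/logo.png">\n'
    "Warning: include(C:\\inetpub\\wwwroot\\inc.php) failed in "
    "D:/sites/app/index.php on line 3\n"
)


def drive_prefixes(pattern, text):
    """Return the distinct two-character 'X:' prefixes reported, in page order."""
    seen = []
    for match in pattern.finditer(text):
        prefix = match.group(1)[:2]
        if prefix not in seen:
            seen.append(prefix)
    return seen


if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL),
                          ("proposed", PROPOSED),
                          ("strict", STRICT)):
        print(name, drive_prefixes(pattern, SAMPLE_PAGE))
```

Both quoted patterns report the URL scheme tails as drive prefixes because `\w` matches the last letter of the scheme; the lookbehind in the stricter pattern rejects any letter that follows another word character.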