Hello,
sqlmap seems to have serious issue with the --os-shell option
I have the same problem,
[02:36:31] [INFO] testing for parenthesis on injectable parameter
[02:36:34] [INFO] the injectable parameter requires 0 parenthesis
[02:36:34] [INFO] testing MySQL
[02:36:36] [INFO] confirming MySQL
[02:36:37] [INFO] retrieved: 0
[02:36:54] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.0.63, PHP 5.2..5
back-end DBMS: MySQL >= 5.0.0
[02:36:54] [INFO] testing stacked queries support on parameter 'noticiaID'
[02:36:54] [INFO] detecting back-end DBMS version from its banner
[02:36:54] [INFO] retrieved: 5.0.67
[02:38:36] [WARNING] the web application does not support stacked
queries on parameter 'noticiaID'
[02:38:36] [INFO] going to upload a web page backdoor for command execution
[02:38:36] [INFO] retrieving web application directories
[02:38:36] [WARNING] unable to retrieve the injectable file absolute system
path
[02:38:36] [WARNING] unable to retrieve the remote web server document root
please provide the web server document root [/var/www]:
please provide a list of directories absolute path comma separated
that you want sqlmap to try to upload the agent [/var/www/test]:
[02:38:51] [INFO] trying to upload the uploader agent
[02:38:51] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy
the command line and the following text and send by e-mail to
sqlmap-users@lists..sourceforge.net. The developer will fix it as soon
as possible:
sqlmap version: 0.7rc1
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
File "./sqlmap.py", line 81, in main
start()
File "/home/ulises2k/programas/sqlmap-svn/lib/controller/controller.py",
line 265, in start
action()
File "/home/ulises2k/programas/sqlmap-svn/lib/controller/action.py",
line 140, in action
conf.dbmsHandler.osShell()
File "/home/ulises2k/programas/sqlmap-svn/plugins/generic/takeover.py",
line 286, in osShell
self.__webBackdoorOsShell()
File "/home/ulises2k/programas/sqlmap-svn/plugins/generic/takeover.py",
line 145, in __webBackdoorOsShell
uploaderStr = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH, uploaderName))
NameError: global name 'fileToStr' is not defined
[*] shutting down at: 02:38:51
---
Christian Eric Edjenguele
IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect
mobile (IT): +39 3408580513
----- Messaggio originale -----
> Da: Nicolas Krassas <kr...@an...>
> A: sql...@li...
> Inviato: Domenica 26 aprile 2009, 8:22:00
> Oggetto: [sqlmap-users] testing --os-shell
>
> Hi,
> Trying some test on --os-shell i'm getting the following error.
>
> sqlmap version: 0.7rc2
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
> File "./sqlmap.py", line 84, in main
> start()
> File "/root/sqlmap/lib/controller/controller.py", line 265, in start
> action()
> File "/root/sqlmap/lib/controller/action.py", line 140, in action
> conf.dbmsHandler.osShell()
> File "/root/sqlmap/plugins/generic/takeover.py", line 286, in osShell
> self.__webBackdoorOsShell()
> File "/root/sqlmap/plugins/generic/takeover.py", line 145, in
> __webBackdoorOsShell
> uploaderStr = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH,
> uploaderName))
> NameError: global name 'fileToStr' is not defined
>
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensign option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
|
