Hi sergio. Answer to your question is NO. Why? Because while injecting file uploader you'll get few chars of garbage (at least in union injection case) at the start of file which are of not so importance for the uploader script itself, and the file itself must be textual. Uploading any arbitrary file, without garbage at the beggining, especially binary, is not possible via sql injection.
Kr On 5.6.2011. 06:12, "Sergio Charpinel Jr." <sergiocharpi...@gmail.com> wrote: > Hi, > > In a pentest, I could upload the web file stager but not the web backdoor. > Why this happens? I mean, isn't it possible to upload the backdoor in the > same way the file stagger is uploaded? > > Thanks in advance. > > -- > Sergio Roberto Charpinel Jr.
------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
