Miroslav, In my case, I can access the file uploader, but I can't upload any files (even text files) from the file uploader. I agree I can't upload bin files in this case, but what about php files or text files? The gargabe at the beggning will not affect them, I think.
Is that any way to upload these files in the same way as the file stager via sqlmap? Thanks. 2011/6/5 Miroslav Stampar <miroslav.stam...@gmail.com> > Hi sergio. > > Answer to your question is NO. Why? Because while injecting file uploader > you'll get few chars of garbage (at least in union injection case) at the > start of file which are of not so importance for the uploader script itself, > and the file itself must be textual. Uploading any arbitrary file, without > garbage at the beggining, especially binary, is not possible via sql > injection. > > Kr > On 5.6.2011. 06:12, "Sergio Charpinel Jr." <sergiocharpi...@gmail.com> > wrote: > > Hi, > > > > In a pentest, I could upload the web file stager but not the web > backdoor. > > Why this happens? I mean, isn't it possible to upload the backdoor in the > > same way the file stagger is uploaded? > > > > Thanks in advance. > > > > -- > > Sergio Roberto Charpinel Jr. > -- Sergio Roberto Charpinel Jr.
------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
