Hi. We can provide this as a alternative and warn the user that file will contain some garbage at the beggining. Just a reminder, it won't be suffice in most number of cases (i can't wait reports with complaints related). Kr On 5.6.2011. 16:26, "Sergio Charpinel Jr." <sergiocharpi...@gmail.com> wrote: > Miroslav, > > In my case, I can access the file uploader, but I can't upload any files > (even text files) from the file uploader. > I agree I can't upload bin files in this case, but what about php files or > text files? The gargabe at the beggning will not affect them, I think. > > Is that any way to upload these files in the same way as the file stager via > sqlmap? > > Thanks. > > 2011/6/5 Miroslav Stampar <miroslav.stam...@gmail.com> > >> Hi sergio. >> >> Answer to your question is NO. Why? Because while injecting file uploader >> you'll get few chars of garbage (at least in union injection case) at the >> start of file which are of not so importance for the uploader script itself, >> and the file itself must be textual. Uploading any arbitrary file, without >> garbage at the beggining, especially binary, is not possible via sql >> injection. >> >> Kr >> On 5.6.2011. 06:12, "Sergio Charpinel Jr." <sergiocharpi...@gmail.com> >> wrote: >> > Hi, >> > >> > In a pentest, I could upload the web file stager but not the web >> backdoor. >> > Why this happens? I mean, isn't it possible to upload the backdoor in the >> > same way the file stagger is uploaded? >> > >> > Thanks in advance. >> > >> > -- >> > Sergio Roberto Charpinel Jr. >> > > > > -- > Sergio Roberto Charpinel Jr.
------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
