hi ryan.

short answer is permissions (most often file write ones)

long answer is:
1) --os-shell/--os-cmd/--os-pwn (STACKED INJECTION CASE)
 A) for MYSQL (rare in real life), PGSQL current DBMS user has to have
UDF create/exec permissions
 B) MSSQL current DBMS user has to be able to run
master.dbo.xp_cmdshell (EXEC permissions, function has to be enabled -
sqlmap can try to enable it automatically, function has to exist)
2) --os-shell/--os-cmd/--os-pwn (NON-STACKED INJECTION CASE)
 A) for MYSQL current DBMS user has to have file write permissions to
a reachable web directory

kind regards

On Sat, Sep 10, 2011 at 8:11 AM, ryan cartner <ryan.cart...@gmail.com> wrote:
> what are the actual requirements for --os-cmd/shell/pwn ? I'm trying to
> figure out how they work specifically. As far as I can tell you just need
> write access to a folder in the web root. Is this true? Is there a way to
> check your filesystem privileges?
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar
http://about.me/stamparm
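
Added example, not part of the original thread: a MySQL audit for the file write permission named in case 2A above, written for a DBA hardening the server. The account name 'webapp'@'%' is a placeholder, and the statements assume an administrative session.

```sql
-- Added example (not from the thread). MySQL dialect, run as an admin account.

-- 1. Accounts that hold the global FILE privilege, which is what allows
--    SELECT ... INTO OUTFILE / DUMPFILE to write files on the DB host.
SELECT GRANTEE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE = 'FILE'
ORDER BY GRANTEE;

-- 2. Where the server allows those writes to land.
--    NULL  = import/export disabled
--    ''    = no restriction (any path the mysqld OS user can write)
--    path  = writes limited to that directory
SELECT @@GLOBAL.secure_file_priv AS secure_file_priv,
       CASE
         WHEN @@GLOBAL.secure_file_priv IS NULL THEN 'file import/export disabled'
         WHEN @@GLOBAL.secure_file_priv = ''    THEN 'unrestricted'
         ELSE 'restricted to the listed directory'
       END AS effect;

-- 3. Full grant list of the account the current session runs as.
SHOW GRANTS FOR CURRENT_USER();

-- 4. Remove FILE from an application account that does not need it.
--    'webapp'@'%' is a placeholder; substitute an account returned by step 1.
REVOKE FILE ON *.* FROM 'webapp'@'%';

-- secure_file_priv is read-only at runtime; set it in the server
-- configuration file ([mysqld] section) to a directory outside the web root
-- and restart the server.
```

Separately from the database settings, the web directory itself should not be writable by the operating system user that mysqld runs as.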
