Le 2013-02-20 14:52, Miroslav Stampar a écrit : > p.s. problem is that INTO OUTFILE affects only the SELECT query where > is supposed to be done. In your case you have one query which is > INJECTABLE and one separate CUSTOM query which needs to include INTO > OUTFILE -> this is a conflict which requires usage of stacking (or > you > can try to exploit it manually using original query)
sql-shell> 1;select 0x3c*******e into dumpfile "/www/doc/www.**************.cz/www/new/upload.php"; [15:01:16] [WARNING] execution of custom SQL queries is only available when stacked queries are supported in the case of a concrete example I get this even with stacking > > On Wed, Feb 20, 2013 at 2:48 PM, Miroslav Stampar > <miroslav.stam...@gmail.com> wrote: > >> For using "INTO OUTFILE" in a specific SELECT query you need >> stacking (or you can try to exploit it manually). We can't help you >> here. >> >> Bye >> >> On Wed, Feb 20, 2013 at 2:45 PM, ml <m...@smtp.fakessh.eu> wrote: >> >>> Le 2013-02-20 09:53, Miroslav Stampar a écrit : >>> >>>> --sql-query WORKS (tested this moment with ERROR based-only >>>> technique >>>> using query "SELECT id FROM users") >>>> --sql-shell WORKS (tested this moment with ERROR based-only >>>> technique >>>> using query "SELECT id FROM users") >>>> >>>> To distinguish things a bit. Query is a SQL command that starts >>>> with >>>> "SELECT". Non-query statements (INSERT/UPDATE/DELETE...) require >>>> "stacking". >>>> >>>> You haven't stated what switch have you used, nor which >>>> query/non-query command have you tried, nor which techniques were >>>> available in your case... Nothing. >>> >>> I tried an application style >>> >>> select 0x3a into outfile './test.txt' >>> >>> and that >>> >>> the shell answers a error >>> custom query are not disponible >>> >>> simple query style >>> SELECT id FROM users works >>> >>> but when you add into dumpfile outfile or it does not work >>> >>> I tried putting 1; in front of the stack or no more successful >>> >>> there is a problem >>> >>>> On Tue, Feb 19, 2013 at 11:37 PM, ml <m...@smtp.fakessh.eu> wrote: >>>> >>>>> hello guru >>>>> >>>>> I ask you a little help. >>>>> all the "custom query" are no longer possible >>>>> to execute custom query sqlmap answers the "stacked query" are >>>>> not >>>>> supported. >>>>> >>>>> what inplique lines of code that execute 15 days ago in the past >>>>> do not >>>>> work anymore >>>>> >>>>> please provide a little help >>>>> >>>>> sincerely >>>>> -- >>>>> gpg --keyserver pgp.mit.edu [1] [1] --recv-key C2626742 >>>>> http://about.me/fakessh [2] [2] >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Everyone hates slow websites. So do we. >>>>> Make your web apps faster with AppDynamics >>>>> Download AppDynamics Lite for free today: >>>>> http://p.sf.net/sfu/appdyn_d2d_feb [3] [3] >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sqlmap-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users [4] [4] >>>> >>>> -- >>>> Miroslav Stampar >>>> http://about.me/stamparm [5] [5] >>>> >>>> Links: >>>> ------ >>>> [1] http://pgp.mit.edu [1] >>>> [2] http://about.me/fakessh [2] >>>> [3] http://p.sf.net/sfu/appdyn_d2d_feb [3] >>>> [4] https://lists.sourceforge.net/lists/listinfo/sqlmap-users [4] >>>> [5] http://about.me/stamparm [5] >>> >>> -- >>> gpg --keyserver pgp.mit.edu [1] --recv-key C2626742 >>> http://about.me/fakessh [2] >> >> -- >> Miroslav Stampar >> http://about.me/stamparm [5] > > -- > Miroslav Stampar > http://about.me/stamparm [5] > > Links: > ------ > [1] http://pgp.mit.edu > [2] http://about.me/fakessh > [3] http://p.sf.net/sfu/appdyn_d2d_feb > [4] https://lists.sourceforge.net/lists/listinfo/sqlmap-users > [5] http://about.me/stamparm -- gpg --keyserver pgp.mit.edu --recv-key C2626742 http://about.me/fakessh ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
