--sql-shell is not --os-shell. You can also try --os-cmd if you want to execute a one-off command.
See --help for explanations. On 02/23/2014 02:18 PM, Nikos Tzounakos wrote: > Hello, > there is an sqli in SQL SERVER 2008. When I execute sqlmap with the > parameter --sql-shell it gives me the shell but when I try to execute > a command > it cannot get the output and it says that xp_cmdshell is disabled. > (tried --no-cast and --hex as it suggests) > > I don't know if the output filtered by firewall, but how sqlmap is > able to create a cmd-shell while xp_cmdshell is disabled? > > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk > > > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
