Brandon Perry <bperry.volatile@...> writes:

> Can you write to /tmp?
> Instead of chowning the directory, just chmod -R 777 the dir you want to write the payload to, that's how many docs on the internet tell people to make an upload directory, for instance, writable by the web server.
>
> Of course, this is incorrect, but it's definitely easier than figuring out what your permissions really should be.
>
> On Thu, Aug 14, 2014 at 10:34 PM, M Omara <coldhand-pkbjnfxxiarbdgjk7y7...@public.gmane.org> wrote:
> Brandon Perry <bperry.volatile <at> ...> writes:
> >
> > Does the mysql user have write permissions on the web server?  A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.
>
> You are right, the /var/www has www-data:www-data set. So I created a temp folder inside the web root with nobody:nogroup permission but I am still getting the same error. Any more configurations I need to change in mysql db for this to work. Thank you in advance.
> 


I should be able to write to /var/www/WackoPicko/temp but I still get the 
same 404 error. I also gave chmod 777 -R to /var/www/WackoPicko/users, to 
no avail. Do I need to use different switches to be able to write to the 
web root? I added the --file-dest write switch but it is still not working. 
The man page says --os-shell works only with a writable web root directory, 
and I created one, but it doesn't work. However, I can get a SQL shell on 
the database.

sqlmap -u "http://x.x.x.x/WackoPicko/users/login.php" \
  --data "username=hacker&password=password&submit=login" --os-shell -v 1 \
  --flush-session --file-dest=http://x.x.x.x/WackoPicko/users



------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
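
The ownership-versus-mode point raised in this thread can be checked from the administrator's side. The following is an added example, not part of the original messages or of sqlmap: it lists the directories under a web root in which some other account (for instance the database service account) could create files, judged only by classic owner/group/other mode bits. ACLs, root privileges and MAC policies are ignored, and the function names and the demo tree are constructed for illustration.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits that apply to the account: owner first, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7

def writable_dirs(web_root, uid, gids):
    """Return [(path, octal mode)] for directories the account could create files in."""
    findings = []
    for dirpath, dirnames, _files in os.walk(web_root):
        st = os.stat(dirpath)
        bits = class_bits(st, uid, gids)
        if not bits & 0o1:
            dirnames[:] = []  # no search (x) permission: nothing below is reachable
            continue
        if bits & 0o2:        # write + search lets the account add new entries
            findings.append((dirpath, oct(stat.S_IMODE(st.st_mode))))
    return findings

def build_demo_tree():
    """Constructed sample tree standing in for a web root."""
    root = tempfile.mkdtemp()
    layout = [("users", 0o777), ("temp", 0o755),
              ("private/inner", 0o777), ("private", 0o700)]
    for rel, mode in layout:
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    owner = os.stat(root)
    # Hypothetical second account: any uid/gid that does not own the tree.
    for path, mode in writable_dirs(root, owner.st_uid + 1, {owner.st_gid + 1}):
        print(mode, os.path.relpath(path, root))
```

On a real host, pass the web root path and the numeric uid and group ids of the account being checked; any directory reported is one where tightening the mode or ownership removes that account's ability to drop files.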
