Can you write to /tmp?
Pick a directory you KNOW you should be able to write to, and ensure you can write to that first. Also, maybe SELinux/AppArmor are getting in the way. On Fri, Aug 15, 2014 at 9:52 AM, Omara <coldh...@hotmail.com> wrote: > Brandon Perry <bperry.volatile@...> writes: > > > > > > > Can you write to /tmp? > > Instead of chowning the directory, just chmod -R 777 the dir you want to > write the payload to, that's how many docs on the internet tell people to > make an upload directory, for instance, writable by the web server. > > > > Of course, this is incorrect, but it's definitely easier than figuring > out what your permissions really should be. > > > > > > On Thu, Aug 14, 2014 at 10:34 PM, M Omara <coldhand- > pkbjnfxxiarbdgjk7y7...@public.gmane.org> wrote: > > Brandon Perry <bperry.volatile <at> ...> writes: > > > > > > > > > Does the mysql user have write permissions on the web server? A > properly > > configured web server where chown www-data:www-data was done, as opposed > to > > chmod 777 on the web dir, which is an improper configuration, will not > allow > > the mysql user to write to the web root. > > You are right, the /var/www has www-data:www-data set. So I created a > temp > > folder inside the web root with nobody:nogroup permission but I am still > > getting the same error. Any more configurations I need to change in > mysql db > > for this to work. Thank you in advance. > > > > ------------------------------------------------------------------------- > ----- > > _______________________________________________ > > sqlmap-users mailing listsqlmap-users- > 5NWGOfrQmnc@public.gmane.orgurceforge.nethttps:// > lists.sourceforge.net/list > s/listinfo/sqlmap-users > > > I should be able to write to /var/www/WackoPicko/temp but I still get the > same 404 error. I also give chmod 777 -R to /var/www/WackoPicko/users with > no avail. Do I need to use different switches to be able to write to the > web root?. I added the --file-dest write switch but still not working. The > man page says --os-shell works only with writable web root directory and I > created one but it doesn't work. However, I can get SQL shell on the > database. > > sqlmap -u "http://x.x.x.x/WackoPicko/users/login.php"; > --data "username=hacker&password=password&submit=login" --os-shell -v 1 > --flush-session --file-dest=http://x.x.x.x/WackoPicko/users > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
