Brandon Perry <bperry.volatile@...> writes:

> Can you write to /tmp?
>
> Pick a directory you KNOW you should be able to write to, and ensure you can write to that first.
>
> Also, maybe SELinux/AppArmor are getting in the way.
>
> On Fri, Aug 15, 2014 at 9:52 AM, Omara <coldhand-pkbjnfxxiarbdgjk7y7...@public.gmane.org> wrote:
>
> > Brandon Perry <bperry.volatile <at> ...> writes:
> >
> > > Can you write to /tmp?
> > >
> > > Instead of chowning the directory, just chmod -R 777 the dir you want to write the payload to, that's how many docs on the internet tell people to make an upload directory, for instance, writable by the web server.
> > >
> > > Of course, this is incorrect, but it's definitely easier than figuring out what your permissions really should be.
> > >
> > > On Thu, Aug 14, 2014 at 10:34 PM, M Omara <coldhand-pkbjnfxxiarbdgjk7y7...@public.gmane.org> wrote:
> > >
> > > > Brandon Perry <bperry.volatile <at> ...> writes:
> > > >
> > > > > Does the mysql user have write permissions on the web server? A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.
> > > >
> > > > You are right, the /var/www has www-data:www-data set. So I created a temp folder inside the web root with nobody:nogroup permission but I am still getting the same error. Any more configurations I need to change in mysql db for this to work? Thank you in advance.
> >
> > I should be able to write to /var/www/WackoPicko/temp but I still get the same 404 error. I also gave chmod 777 -R to /var/www/WackoPicko/users to no avail. Do I need to use different switches to be able to write to the web root? I added the --file-dest write switch but still not working. The man page says --os-shell works only with writable web root directory and I created one but it doesn't work. However, I can get SQL shell on the database.
> >
> > sqlmap -u "http://x.x.x.x/WackoPicko/users/login.php" --data "username=hacker&password=password&submit=login" --os-shell -v 1 --flush-session --file-dest=http://x.x.x.x/WackoPicko/users

I tried the same sqlmap command with different switches on DVWA and it worked. It's an Ubuntu-based lampp web server with an "uploads" folder in its root with nobody permissions. But I still can't get to upload the stager file to OWASPBWA. I disabled AppArmor as you recommended and the tmp folder is writable but it made no difference. I still get 404 not found.

------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
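
The ownership point made in the thread (a web root owned by www-data:www-data is not writable by the mysql account, while a chmod 777 directory is) can be audited from the defender's side. The Python sketch below is an added example, not part of the original messages or of sqlmap; the sample tree, the function names and the database account's uid/gid are constructed for illustration.

```python
import os
import stat
import tempfile

def can_create_files(st, uid, gids):
    """True if the account (uid, gids) may create files in a directory with stat result st.

    Classic Unix rule: exactly one permission class applies (owner, else group,
    else other), and creating a file needs write plus search (execute) on the directory.
    Only mode bits are evaluated: ACLs, SELinux/AppArmor policy and the search
    permission on parent directories are not considered.
    """
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need

def audit_web_root(root, uid, gids):
    """Return sorted paths of directories under root where the account could drop a file."""
    hits = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        if can_create_files(os.stat(dirpath), uid, gids):
            hits.append(dirpath)
    return sorted(hits)

def build_sample_tree():
    """Constructed sample: a web root with one 0755 directory and one 0777 directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.chmod(root, 0o755)
    for name, mode in (("users", 0o755), ("temp", 0o777)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod after mkdir so the umask does not interfere
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    st = os.stat(root)
    # Hypothetical database account: a uid/gid pair that does not own the tree.
    db_uid, db_gids = st.st_uid + 1000, {st.st_gid + 1000}
    for path in audit_web_root(root, db_uid, db_gids):
        print("writable by database account:", path)
```

On a real host, pass the web root and the database service account's uid and group ids; any directory reported is one where a file written by the database process would be served by the web server.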