Hi. We can provide this as a alternative and warn the user that file will
contain some garbage at the beggining. Just a reminder, it won't be suffice
in most number of cases (i can't wait reports with complaints related). Kr
On 5.6.2011. 16:26, "Sergio Charpinel Jr."
wrote:
> Miroslav,
>
> In my c
Miroslav,
In my case, I can access the file uploader, but I can't upload any files
(even text files) from the file uploader.
I agree I can't upload bin files in this case, but what about php files or
text files? The gargabe at the beggning will not affect them, I think.
Is that any way to upload
Hi sergio.
Answer to your question is NO. Why? Because while injecting file uploader
you'll get few chars of garbage (at least in union injection case) at the
start of file which are of not so importance for the uploader script itself,
and the file itself must be textual. Uploading any arbitrary f
Hy
I have a problem with data dumping.
When i run this sqlmap -u "http://website.com/vuln.php"; --cookie="cookies"
--random-agent --retries=6 --level 5 --risk 3 --dump -D database -T table
Place: GET
Parameter: id
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING
Hi Sergio,
sqlmap uses the file stager to upload the web backdoor. Can you try to
access the file stager from your browser? If so, can you upload it
from there?
Please, run again with -v3 --parse-errors and send us the full output,
privately if you prefer, so we can debug it properly.
Cheers,
Be
