Hi.
In that case could you please send the sqlmap traffic file got by using -t
traffic.txt along with your standard switches/options?
Kind regards,
Miroslav Stampar
On Sat, Sep 15, 2012 at 12:09 AM, Stephen Shkardoon wrote:
> Hi,
>
> Sorry, my mistake. I just copied the line and altered it to s
Hi,
Sorry, my mistake. I just copied the line and altered it to show that the
cookie was being used. In the real script, there was no parse error.
Nonetheless, sqlmap cannot pull out results.
Thanks
ss23
On Sat, Sep 15, 2012 at 9:55 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi
Hi.
I am not sure how are you able to "definitely able to pull out results" as
as I can see the problem lies in used PHP (enclosed pair of single quotes
with another pair of single quotes):
Bad:
$res = mysql_query("SELECT userid, custname, custemail, owing FROM custdata
AS cd WHERE cd.userid = (S
Hi all,
Trying to do a (simple) injection with sqlmap, and I can't seem to coax it
into getting it right.
The PHP source looks something like:
$res = mysql_query("SELECT userid, custname, custemail, owing FROM custdata
AS cd WHERE cd.userid = (SELECT userid FROM ccc_users AS cu WHERE sessionid
=
On 14 September 2012 13:49, Miroslav Stampar wrote:
> Hi.
>
> Original stager(.php) size is indeed 703 bytes, so sqlmap is not wrong in
> your case. You can check it by going into ./shell and running: "find
> backdoor.*_ stager.*_ -type f -exec python ../extra/cloak/cloak.py -d -i
> '{}' \;"
>
> I
Hi.
Original stager(.php) size is indeed 703 bytes, so sqlmap is not wrong in
your case. You can check it by going into ./shell and running: "find
backdoor.*_ stager.*_ -type f -exec python ../extra/cloak/cloak.py -d -i
'{}' \;"
If you want to debug you could try watching traffic with -v 5 or by
Looks like you've updated the shell sent over with os-shell but not
updated the size that the script checks to see if it exists.
Robin
[13:08:22] [WARNING] unable to retrieve the web server document root
please provide the web server document root [/var/www/]: /var/www/html/upload/
[13:08:29] [WA
