hi again.
sorry, i was out of town (without source code) and haven't noticed
that we already do support this in this kind of cases.
also, i've tried to against our testing environment and both methods
do the job correctly.
this means that maybe in your case we do have some bug/problem.
kr
On S
Hi. We can provide this as a alternative and warn the user that file will
contain some garbage at the beggining. Just a reminder, it won't be suffice
in most number of cases (i can't wait reports with complaints related). Kr
On 5.6.2011. 16:26, "Sergio Charpinel Jr."
wrote:
> Miroslav,
>
> In my c
Miroslav,
In my case, I can access the file uploader, but I can't upload any files
(even text files) from the file uploader.
I agree I can't upload bin files in this case, but what about php files or
text files? The gargabe at the beggning will not affect them, I think.
Is that any way to upload
Hi sergio.
Answer to your question is NO. Why? Because while injecting file uploader
you'll get few chars of garbage (at least in union injection case) at the
start of file which are of not so importance for the uploader script itself,
and the file itself must be textual. Uploading any arbitrary f
Hi Sergio,
sqlmap uses the file stager to upload the web backdoor. Can you try to
access the file stager from your browser? If so, can you upload it
from there?
Please, run again with -v3 --parse-errors and send us the full output,
privately if you prefer, so we can debug it properly.
Cheers,
Be
