Hello , i have use : --os-shell , to upload shell via Sqlmap
but i dont know their path absolute from website
like :
usr/local/www/apache22/
var/www/htdocs/
So , can i have some suggest passed this challenge ?
Thank for your reply so much
It is not clear what you want. If you don't know the "path", sqlmap will automatically try several paths instead. If you know "path" you should use --web-root.
thank for your fast reply stamparm , so can i have more suggest to resolved this matter ? bro
It is really not clear what you want from the original post. "So , can i have some suggest passed this challenge ?" <- nothing is clear here
Oh ok , thank for your reply so much , and im so sorry if i have bother you to much bro
i mean : Victim site , have sql injection , i can get full their database via sqlmap
but i want upload shell to their website , use : --os-shell , and i cannot find page admin , and i dont know their path absolute too
so sqlmap can help me find path absolute or not ? , pls suggest me method upload shell to website via sqlmap, thank you again bro
As said, sqlmap automatically searches for directories. In case that it fails you can use --web-root. That's it.
Hi stamparm
Thank for your efforts so much , i really appreciate your help
but pls can you explain more ? why when i run
"sqlmap.py -u site.com --web-root"
its show
__H__
___ ___[']_____ ___ ___ {1.1.1.13#dev}
|_ -| . [,] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: sqlmap.py [options]
sqlmap.py: error: no such option: --web-root
Press Enter to continue...
Am I doing wrong bro ?
You are using version from January, while the latest revision is "1.1.3.6". Hasn't it occurred to you that maybe you should take a look into newer version?
thank you stamparm , you're best 💃
can i have link for last version sqlmap bro ? 🥇