Thursday, September 15, 2011

HOWTO : Offical SQLMap video demonstration 7

*** Do NOT attack any computer or network without authorization or you may put into jail. ***

Credit to : Bernardo

This is Bernardo's work but not mine. I re-post here for educational purpose only. It is because I enjoy his videos very much and I am afraid of losing them.

Original link is here.



Demonstration of sqlmap file system write access features: sqlmap is launched against a PHP test page hosted on a Debian GNU/Linux 5.0 server with back-end database management system being PostgreSQL 8.3.

The tool is instructed to identify possible SQL injections and exploit them by uploading a local file to the database server file system. sqlmap encoded the local file in base64, insert it into a temporary support table then abuses the PostgreSQL Large Object functions to export it to a file on the underlying file system.

Command

python sqlmap.py -u http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1 --write-file /etc/passwd --dest-file /tmp/writetest -v 2

That's all! See you.