[sqlmap question] load_file with sql-shell

[l0ngb1t]

Greetings,

am playing arround with sqlmap, especially with --sql-shell shell,
however when i load a file using load_file('FILE_PATH') something weird happens.
some files i can display but other files returns the following result.
and i am sure the file exists.

[13:48:31] [INFO] fetching SQL query output: 'load_file('/var/www/html/test_file1.php')'
[13:48:56] [INFO] retrieved:
sql-shell>

any idea on that ? is it a permissions issue, any thoughts on how we can go around it ?

[bad_brain]

what's the full command you are using?

[l0ngb1t]

the following command:

sqlmap.py -u http://172.16.10.1/index.php" onclick="window.open(this.href);return false; -u --forms --sql-shell

[bad_brain]

hm, I don't have it installed at the moment, but I doubt the second -u switch is right..

[ayu]

Correct syntax would be

sqlmap.py -u "http://172.16.10.1/index.php" --forms --sql-shell

Also, have you tried retrieving other files in the same location?
And what other files have you tried?

Try comparing the permissions between those files.

[l0ngb1t]

Oooops, the second -u is a mistyping, it wasn't included in the command so i guess my command was correct.
@cats, yes i am able to retrieve other files in the same location, i will go and try to compare the files permission somehow.
i will post the results here.

Thank you.