My target has a time-based SQLi and is dba and has full root privileges.
I tried to do --os-cmd / --os-shell but it cannot find the root dir to write the file stagger. I wonder if an attacker can exploit this knowing the web root directory.
Sqlmap uses a list of default paths and also some customized ones based of the name of the site - The site uses Apache which default directory usually is /var/www/html/
Also tried to build some custom path lists made from the database/table names, I couldn't find any complete seclists on github. Keep in mind the path could be custom such as /home/userwebsite2023/public_html/
Is there a way to somehow retrieve the root directory aka (absolute path) of the webserver?
