Escalating MySQL read/write permissions to SYSTEM permissions - bug warning - Black Bar Safety Net

ID MYHACK58:62200716757
Type myhack58
Reporter Anonymous
Modified 2007-09-02T00:00:00


I previously released, on Octal, a UDF for MySQL privilege escalation, but it seems many friends did not really understand how to use it. People keep asking me how it is used, and someone simply asked me to write a dedicated PHP script for this UDF. To be honest, before writing this PHP I had only learned a little ASP and was illiterate in PHP, so mistakes in the program are inevitable; experts, please do not laugh. The PHP is rather clumsily written, so I will not explain how it was written here and will go straight to how it is used.

First, function: it uses MySQL user-defined functions to turn a MySQL account into system-level SYSTEM privileges. To state it again: privilege escalation through a MySQL UDF is not an overflow, but a feature of MySQL itself.

Second, applicable occasions: 1. The target system is Windows (Win2000, XP, Win2003); 2. You already have a MySQL user account, and this account must have insert and delete privileges on the mysql database in order to create and drop functions (the original wording of the MySQL documentation).

Third, usage help:

The first step: upload the PHP file to the target machine and fill in your MySQL account to connect. (Figure 1)

The second step: after a successful connection, export the DLL file. When exporting, mind the export path: in general any writable directory will do, regardless of permission issues, but for MySQL 5.0 or above you must export the DLL to the target machine's system directory (win or system32), otherwise in the next step you will see the "No paths allowed for shared library" error. (Figure 2)

The third step: use an SQL statement to create the function. Syntax: Create Function function_name returns string soname 'exported DLL path'; where the function name can only be one of those in the list below. For MySQL 5.0 and above, the DLL in the statement is not allowed to carry a full path. If you exported the DLL to the system directory in the second step, you can omit the path and the command will run normally; otherwise you will see the "Can't open shared library" error, and you must then re-export the DLL to the system directory. (Figure 3)

The fourth step: once the function has been created correctly, you can use SQL statements to call it. Syntax: select function_name('parameter list'); Each function takes different parameters; you can use select function_name('help'); to get the parameter list of the specified function. (Figure 4)

The fifth step: when you are finished, you may need to delete the DLL exported in the second step, but before deleting the DLL you must first drop the functions you created in the third step, otherwise the delete operation will fail. The SQL statement to drop a function created in the third step is: drop function function_name; (Figure 5)
Fourth, function descriptions: cmdshell: execute cmd; downloader: downloader, downloads the specified file from the Internet and saves it to the specified directory; open3389: general-purpose enabling of 3389 Terminal Services, the port can be specified (no restart is needed if the port is not changed); backshell: reverse shell; ProcessView: enumerate system processes; KillProcess: terminate the specified process; regread: read the registry; regwrite: write the registry; shut: shutdown, logoff, reboot; about: description and help function.
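For defenders, the statements in the third to fifth steps and the function names listed above leave a recognisable trail in a MySQL query log. The following detection sketch is an added example, not part of the original article or its tool; the log lines are constructed samples, the library names are placeholders, and the severity labels are assumptions.

```python
import re

# Function names taken from the article's function list (lower-cased).
UDF_NAMES = {"cmdshell", "downloader", "open3389", "backshell", "processview",
             "killprocess", "regread", "regwrite", "shut", "about"}

CREATE_RE = re.compile(
    r"\bCREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+`?(\w+)`?\s+RETURNS\s+"
    r"(?:STRING|INTEGER|REAL|DECIMAL)\s+SONAME\s+['\"]([^'\"]+)['\"]", re.I)
DROP_RE = re.compile(r"\bDROP\s+FUNCTION\s+(?:IF\s+EXISTS\s+)?`?(\w+)", re.I)
CALL_RE = re.compile(r"\bSELECT\s+`?(\w+)`?\s*\(", re.I)


def scan(lines):
    """Return (line_no, severity, reason) tuples for UDF activity in query-log lines."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = CREATE_RE.search(line)
        if m:
            name, lib = m.groups()
            reason = f"UDF {name} loaded from {lib}"
            if "/" in lib or "\\" in lib:
                reason += " (SONAME carries a path)"
            sev = "high" if name.lower() in UDF_NAMES else "review"
            findings.append((no, sev, reason))
            continue
        for rx, verb in ((DROP_RE, "dropped"), (CALL_RE, "called")):
            m = rx.search(line)
            if m and m.group(1).lower() in UDF_NAMES:
                findings.append((no, "high", f"known UDF {m.group(1)} {verb}"))
                break
    return findings


# Constructed sample lines (not from the article); library names are placeholders.
SAMPLE_LOG = [
    "12 Query\tSELECT id, name FROM shop.customers WHERE id = 7",
    "13 Query\tCREATE FUNCTION cmdshell RETURNS STRING SONAME 'example_udf.dll'",
    "13 Query\tselect cmdshell('help')",
    "14 Query\tCREATE FUNCTION metaphon RETURNS STRING SONAME 'C:/tmp/example2.dll'",
    "13 Query\tDROP FUNCTION cmdshell",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On a live server, the registered UDFs can also be listed directly from the mysql.func table and compared against the same names.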