Shulou(Shulou.com)06/01 Report--

Editor to share with you how to write Mysql injection Shell reading files, I hope you will learn something after reading this article, let's discuss it together!

First, export the function to write shell

Directly write an accessible webshell by using the export function of Mysql

1.1 conditions

1. The absolute path to the accessible path of the website

Error

Enter an exception value to cause the script to report an active error, or the foot error message of the googlehacking target

Phpinfo

Scan the catalog for phpinfo

Speculate

The target may use an integrated installation package, such as phpstudy

C:\ phpStudy\ WWW\ C:\ phpStudy\ WWW\ domain name\

Enumerate

High frequency absolute path

Read the configuration file

Middleware, configuration file for web

The value of 2.secure_file_priv is not NULL or contains the absolute path of the export

The value of secure_file_priv is set in the mysql configuration file my.ini, which is used to restrict data import and export

Mysql > = 5.5.53 defaults to NULL, that is, import and export are prohibited by default

Mysql

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.