Shulou(Shulou.com)06/01 Report--

This article mainly introduces "what are the ways of uploading WebShell to the database". In the daily operation, I believe that many people have doubts about the way the database uploads WebShell. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts about "how to upload WebShell from the database." Next, please follow the editor to study!

What is WebShell?

To put it simply, webshell is the back door of an asp or php Trojan horse. After hackers invade a website, they often put these asp or php Trojan back door files in the web directory of the website server and mix them with normal web files. Hackers can then use web to control the web server through the back door of asp or php Trojans, including uploading and downloading files, viewing databases, executing arbitrary program commands, and so on.

To better understand WebShell, we learn two concepts:

What is a Trojan horse?

The full name of "Trojan horse" is "Trojan horse", which originally refers to the story of ancient Greek soldiers hiding in Trojans to enter enemy cities and occupy enemy cities.

On Internet, "Trojan horse" means that some programmers include programs that can control the user's computer system in the applications or games they can download (Download) from the network, which may cause the user's system to be damaged or even paralyzed.

What is the back door?

As we all know, there are 65535 ports on a computer, so if the computer is regarded as a room, then the 65535 ports can be regarded as the 65535 doors opened by the computer to connect with the outside world. Behind every door is a service. Some doors are specially opened by the host to greet the guests, while others are opened by the host to go out to visit the guests (access remote services)-in theory, the rest of the doors are supposed to be closed, but for various reasons, many doors are open. As a result, people with good affairs entered, the privacy of the owner was spied on, life was disturbed, and even the things in the house were messed up. The door that was quietly opened was the "back door".

Advantages of webshell

The biggest advantage of webshell is that it can pass through the firewall. Because the data exchanged with the controlled server or remote host is transmitted through port 80, it will not be intercepted by the firewall. And the use of webshell generally will not leave a record in the system log, but will only leave some data submission records in the web log of the website. It is difficult for inexperienced administrators to see the signs of intrusion.

II. Classification of WebShell

Classified according to file size: pony and pony (usually refers to a Trojan horse, which can be connected directly using tools such as kitchen knives)

Classified by script name: jsp, asp, aspx, php

The function of the pony is relatively single, while the function of the horse is relatively rich, which integrates upload and download, database rights raising, CMD command operation, cloning, proxy and other functions, as shown in the following figure.

Three ways of uploading WebShell from database (1) into out file write

Secure_file_priv in the database supports web directory file export, database user File permissions, and access to physical paths. This parameter has three states:

Secure_file_priv=NULL

Indicates that the write switch is off

Secure_file_priv= ""

Indicates that the write switch is on and can be written to any directory

Secure_file_priv= "C:/phpStudy/PHPTutorial/WWW"

Indicates that the write switch is on and writes to the specified path, and if the write path is not a Web path, you cannot use this feature to write to WehShell.

The switch does not work through the SQL command

Set global secure_file_priv= "C:/phpStudy/PHPTutorial/WWW"

Parameter switch can only be modified by modifying the mysql.ini configuration file, which is quite limited.

If the switch is turned on, the correct SQL statement to write to WebShell is as follows:

Select "" into outfile "C://phpStudy//PHPTutorial//WWW//shell.php"

Then use this kitchen knife, ant sword or ice scorpion link.

(2) write through general_log log

You can upload webshell by modifying the log switch, which requires database root permission. You can turn on the general_log switch and set the log location through the SQL statement (you need to know the root path location of Web in advance)

After the modification, pass the

Select ""

WebShell can be written, and the contents of the written php file are shown in the following figure.

(3) write through backup database vulnerabilities

Database backup is a necessary function of most CMS background management pages, but if the background verification is not strict, it is easy to upload WebShell by restoring backup. According to the CMS of emlog, the test version 5.3.0

3.1 View web path address

Directly on the administration page, click more information

You can search for document_root on the phpinfo page.

3.2 back up the database first

Back up the database first by using the database backup function of the management page

3.3 modify the contents of backup files

Open the backed-up SQL file and add the following SQL statement before the final statement

Write to webshell; through into outfile and finally link through a kitchen knife.

How to defend against WebShell?

Database application should do a good job of security reinforcement, should not turn on the switch as far as possible; at the same time, do a good job of database backup and reply of the background check, usually do a good job of daily security protection.

At this point, the study of "what are the ways of uploading WebShell to the database" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.