Extra:
You don't need to use sqlmap you can simply run the select statement in your browser it requires a bit more work tho.
A theory is that you can inject the full shellcode directly instead of first writing the uploader, the problems is that this specific shell is 268kB but maybe with a smaller shell
sqlmap is really powerful tool you can do shitt load of stuff with it here are some functions i find helpfull:
-o optimization
--threads=1-10 nr of threads (faster)
--dbms=mysql backend dbms (faster)
--level=1-5 more-tests
--risk=1-3 more-tests
--tor-port=xxxx connect through tor
--random-agent random user agent
--file-read=/etc/passwd read local file
--file-write=/etc/passwd write file to remote machine must be used with file-dest
--file-dest=/etc/passwd where to write the file-write
--os-shell like the sql-shell but system
--wizard for beginners
--check-waf Check for WAF/IPS/IDS protection
there are many more just check them out
The --file-read/write does not work most of the times maybe im doing something wrong thats why i use sql-shell to write files or do specific commands.
--os-shell is awesome, you cant write php code to disk tho.
well that was it i think, please share your thoughts/concerns or my mistakes
Auf dieser Seite können Sie das Online-Video [Tutorial] SQLMap SQL Injection upload PHP Shell via Mysql mit der Dauer stunde minuten sekunde in guter Qualität ansehen, das der Benutzer VOX Bold 04 Juli 2015 hochgeladen hat, den Link mit Freunden und Bekannten teilen, dieses Video wurde auf Youtube bereits 6,695 Mal angesehen und es wurde von 1 den Zuschauern gefallen. Viel Spaß beim Betrachtenden Zuschauern gefallen!