[Tutorial] SQLMap SQL Injection upload PHP Shell via Mysql

Publicado el: 04 julio 2015
en el canal de: VOX Bold
6,695
1

Extra:
You don't need to use sqlmap you can simply run the select statement in your browser it requires a bit more work tho.

A theory is that you can inject the full shellcode directly instead of first writing the uploader, the problems is that this specific shell is 268kB but maybe with a smaller shell

sqlmap is really powerful tool you can do shitt load of stuff with it here are some functions i find helpfull:

-o optimization
--threads=1-10 nr of threads (faster)
--dbms=mysql backend dbms (faster)
--level=1-5 more-tests
--risk=1-3 more-tests
--tor-port=xxxx connect through tor
--random-agent random user agent
--file-read=/etc/passwd read local file
--file-write=/etc/passwd write file to remote machine must be used with file-dest
--file-dest=/etc/passwd where to write the file-write
--os-shell like the sql-shell but system
--wizard for beginners
--check-waf Check for WAF/IPS/IDS protection

there are many more just check them out

The --file-read/write does not work most of the times maybe im doing something wrong thats why i use sql-shell to write files or do specific commands.

--os-shell is awesome, you cant write php code to disk tho.

well that was it i think, please share your thoughts/concerns or my mistakes


En esta página del sitio puede ver el video en línea [Tutorial] SQLMap SQL Injection upload PHP Shell via Mysql de Duración hora minuto segunda en buena calidad , que subió el usuario VOX Bold 04 julio 2015, comparta el enlace con amigos y conocidos, en youtube este video ya ha sido visto 6,695 veces y le gustó 1 a los espectadores. Disfruta viendo!