[Tutorial] SQLMap SQL Injection upload PHP Shell via Mysql

Pubblicato il: 04 luglio 2015
sul canale di: VOX Bold
6,695
1

Extra:
You don't need to use sqlmap you can simply run the select statement in your browser it requires a bit more work tho.

A theory is that you can inject the full shellcode directly instead of first writing the uploader, the problems is that this specific shell is 268kB but maybe with a smaller shell

sqlmap is really powerful tool you can do shitt load of stuff with it here are some functions i find helpfull:

-o optimization
--threads=1-10 nr of threads (faster)
--dbms=mysql backend dbms (faster)
--level=1-5 more-tests
--risk=1-3 more-tests
--tor-port=xxxx connect through tor
--random-agent random user agent
--file-read=/etc/passwd read local file
--file-write=/etc/passwd write file to remote machine must be used with file-dest
--file-dest=/etc/passwd where to write the file-write
--os-shell like the sql-shell but system
--wizard for beginners
--check-waf Check for WAF/IPS/IDS protection

there are many more just check them out

The --file-read/write does not work most of the times maybe im doing something wrong thats why i use sql-shell to write files or do specific commands.

--os-shell is awesome, you cant write php code to disk tho.

well that was it i think, please share your thoughts/concerns or my mistakes


In questa pagina del sito puoi guardare il video online [Tutorial] SQLMap SQL Injection upload PHP Shell via Mysql della durata di ore minuti seconda in buona qualità , che l'utente ha caricato VOX Bold 04 luglio 2015, condividi il link con amici e conoscenti, su youtube questo video è già stato visto 6,695 volte e gli è piaciuto 1 spettatori. Buona visione!