EvilZone

Hacking and Security => Hacking and Security => : z3ro August 17, 2012, 05:25:04 PM

: Shell from SQLi??
: z3ro August 17, 2012, 05:25:04 PM

Any way I could drop a shell on a server with SQLi??

: Re: Shell from SQLi??
: NeX August 17, 2012, 09:31:24 PM

Depends :P You can use INTO FILE for MySQL and there's a little trick for mssql to run cmd commands..

: Re: Shell from SQLi??
: ande August 18, 2012, 04:11:49 PM

Like NeX said, yes there are ways of doing it. But from experience it almost never work. You are better of getting logins from the DB and try to upload a shell through some admin panel or something similar.

: Re: Shell from SQLi??
: relax August 22, 2012, 01:33:44 AM

do you know the username and password to the mysql server?
if u do you could run
mysql -h [ip] -u [username] -p [password]
then in console
SELECT ('code') INTO OUTFILE "[PATH]";
or some variant of that. you can also check out
http://websec.wordpress.com/2007/11/17/mysql-into-outfile/

: Re: Shell from SQLi??
: z3ro August 23, 2012, 05:08:04 PM

: relax  August 22, 2012, 01:33:44 AM

do you know the username and password to the mysql server?
if u do you could run
mysql -h [ip] -u [username] -p [password]
then in console
SELECT ('code') INTO OUTFILE "[PATH]";
or some variant of that. you can also check out
http://websec.wordpress.com/2007/11/17/mysql-into-outfile/ (http://websec.wordpress.com/2007/11/17/mysql-into-outfile/)

hmm... i'm gonna take a look.. Thanks   ;)