problem with uploading webshell
46 views
Skip to first unread message
sergd...@gmail.com
Dec 11, 2013, 8:15:19 PM12/11/13
to jsql-in...@googlegroups.com
Hi!
Someone tell me how to load a web shell(WSO2.5)? Tested on many websites everywhere:
*** No FILE privilege
*** No FILE privilege
*** No FILE privilege
How to fix?
Thanks for the fast reply.
Someone tell me how to load a web shell(WSO2.5)? Tested on many websites everywhere:
*** No FILE privilege
*** No FILE privilege
*** No FILE privilege
How to fix?
Thanks for the fast reply.
ron190jSQL
Dec 13, 2013, 4:37:04 AM12/13/13
to jsql-in...@googlegroups.com, sergd...@gmail.com
Shell droping supposes creating a file on the remote server, but good administrators will disable the right 'FILE' in MySQL (called privilege). So you would use any method that leverage the user's rights, but for the moment I didn't found any valuable resources on that and I consider it like nearly impossible: you could try to use SQL command GRANT, but batch query is not possible, and you could create a SQL shell but without FILE right... dog chasing its tail. Keep on asking on the subject around you, maybe there is a method somewhere, and then come back to tell us ;)
The source of my own shell is the least advanced possible: <?php system($_GET['c']); ?>. I kept it simple to pair it with the Terminal control which doesn't need any strong features, it's a command prompt after all (see screenshot). But you could upload any shell if you had the FILE right.
Also actually shell drop don't work with errorbased/blind/time, I need to rework the SQL query for these methods.
Reply all
Reply to author
Forward
0 new messages