|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Robin Wood (robin
digininja.org)
Date: Tue Jul 20 2010 - 13:00:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've got a vulnerable web app with a MySQL backend where I can inject
into an INSERT query and I want to create a file. With a SELECT I
would use a UNION and then SELECT whatever INTO OUTFILE "filename" but
how do you do it with an INSERT query?
I tried:
INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ;
That executes and size gets a new row with 22 and "abc" in it but it
doesn't create the file.
I also tried an UPDATE and had the same problem:
UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test");
The update happens where big="abc" but no outfile.
Can it be done?
Robin
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]