|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Spiros Antonatos (antonat
ics.forth.gr)
Date: Tue Jul 20 2010 - 15:13:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
You need to check if you have permissions to read/write files
from mysql. Normally, non-root users do not have permission to
call LOAD_FILE and INTO OUTFILE.
Spiros
> I've got a vulnerable web app with a MySQL backend where I can inject
> into an INSERT query and I want to create a file. With a SELECT I
> would use a UNION and then SELECT whatever INTO OUTFILE "filename" but
> how do you do it with an INSERT query?
>
> I tried:
>
> INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ;
>
> That executes and size gets a new row with 22 and "abc" in it but it
> doesn't create the file.
>
> I also tried an UPDATE and had the same problem:
>
> UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE
> "/tmp/test");
>
> The update happens where big="abc" but no outfile.
>
> Can it be done?
>
> Robin
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
>
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]