没有合适的资源?快使用搜索试试~ 我知道了~
load_file参考资料 从exploit.db上找到的资料 load_file参考资料 从exploit.db上找到的资料
资源推荐
资源详情
资源评论
| MySQL Injection - Simple Load File and Into OutFile (tutorial)
|
| Author: MikiSoft
----------------------------------------------------------------
===
[ Part 1 - Introduction ]
If you know (basic) MySQL Injection, you can read this tutorial...
Ok, let's see now what are Load File and Into OutFile.
-- What are Load File and Into OutFile?
That are syntaxes (used in MySQL Injections).
Load File: Reads the file and returns the file contents as a string.
Into OutFile: Writes the selected rows to a file. The file is created on the server host, so you must have the file privilege to use this syntax. File to be written cannot be an existing file, which among other things prevents files (such as "/etc/passwd") and database tables from being destroyed.
(... from: MySQL.com)
Ok, let's begin now!
-
[ Part 2 - Access to "mysql.user" table and file privileges ]
If you are using MySQL Injection method (to hack sites), and before you find target table (and columns),
check, if you have access to "mysql.user" table.
And you must replace in URL one visible column (i.e. number, that is shown, on page), with (string) "user", to see user name.
Let's see our example:
|
| Author: MikiSoft
----------------------------------------------------------------
===
[ Part 1 - Introduction ]
If you know (basic) MySQL Injection, you can read this tutorial...
Ok, let's see now what are Load File and Into OutFile.
-- What are Load File and Into OutFile?
That are syntaxes (used in MySQL Injections).
Load File: Reads the file and returns the file contents as a string.
Into OutFile: Writes the selected rows to a file. The file is created on the server host, so you must have the file privilege to use this syntax. File to be written cannot be an existing file, which among other things prevents files (such as "/etc/passwd") and database tables from being destroyed.
(... from: MySQL.com)
Ok, let's begin now!
-
[ Part 2 - Access to "mysql.user" table and file privileges ]
If you are using MySQL Injection method (to hack sites), and before you find target table (and columns),
check, if you have access to "mysql.user" table.
And you must replace in URL one visible column (i.e. number, that is shown, on page), with (string) "user", to see user name.
Let's see our example:
资源评论
Eugene800
- 粉丝: 644
- 资源: 40
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功