| MySQL Injection - Simple Load File and Into OutFile (tutorial)
|
| Author: MikiSoft
----------------------------------------------------------------
===
[ Part 1 - Introduction ]
If you know (basic) MySQL Injection, you can read this tutorial...
Ok, let's see now what are Load File and Into OutFile.
-- What are Load File and Into OutFile?
That are syntaxes (used in MySQL Injections).
Load File: Reads the file and returns the file contents as a string.
Into OutFile: Writes the selected rows to a file. The file is created on the server host, so you must have the file privilege to use this syntax. File to be written cannot be an existing file, which among other things prevents files (such as "/etc/passwd") and database tables from being destroyed.
(... from: MySQL.com)
Ok, let's begin now!
-
[ Part 2 - Access to "mysql.user" table and file privileges ]
If you are using MySQL Injection method (to hack sites), and before you find target table (and columns),
check, if you have access to "mysql.user" table.
And you must replace in URL one visible column (i.e. number, that is shown, on page), with (string) "user", to see user name.
Let's see our example:
本内容试读结束,登录后可阅读更多
下载后可阅读完整内容,剩余3页未读,立即下载
