Web Application Security
mysql selecting into outfile in an insert Jul 20 2010 06:00PM Robin Wood (robin digininja org) (1 replies)
Re: mysql selecting into outfile in an insert Jul 20 2010 08:13PM Spiros Antonatos (antonat ics forth gr) (1 replies)

> You need to check if you have permissions to read/write files
> from mysql. Normally, non-root users do not have permission to
> call LOAD_FILE and INTO OUTFILE.
Not sure on the vulnerable app I'm testing but in my lab I'm on as
root and can run the "select into outfile" fine.
Robin
>
> Spiros
>
>
>> I've got a vulnerable web app with a MySQL backend where I can inject
>> into an INSERT query and I want to create a file. With a SELECT I
>> would use a UNION and then SELECT whatever INTO OUTFILE "filename" but
>> how do you do it with an INSERT query?
>>
>> I tried:
>>
>> INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ;
>>
>> That executes and size gets a new row with 22 and "abc" in it but it
>> doesn't create the file.
>>
>> I also tried an UPDATE and had the same problem:
>>
>> UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE
>> "/tmp/test");
>>
>> The update happens where big="abc" but no outfile.
>>
>> Can it be done?
>>
>> Robin
>>
>>
>>
>> This list is sponsored by Cenzic
>> --------------------------------------
>> Let Us Hack You. Before Hackers Do!
>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> Request Yours Now!
>> http://www.cenzic.com/2009HClaunch_Securityfocus
>> --------------------------------------
>>
>>
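
A defensive counterpart to the file-permission point in this thread, added here as an example and not part of either poster's message: a Python check that scans query-log statements for MySQL server-side file I/O (the INTO OUTFILE and LOAD_FILE constructs named above) appearing outside string literals and comments. The log lines are constructed, and the names `scan` and `triage` are hypothetical.

```python
import re

# Constructs that read or write files on the MySQL server host. INTO OUTFILE and
# LOAD_FILE are the ones named in the thread; INTO DUMPFILE is the sibling write form.
FILE_IO = re.compile(r"\bINTO\s+(?:OUTFILE|DUMPFILE)\b|\bLOAD_FILE\s*\(", re.IGNORECASE)

# Quoted literals (backslash or doubled-quote escapes), backtick identifiers, comments.
LITERAL_OR_COMMENT = re.compile(
    r"""'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"|`[^`]*`|/\*.*?\*/|(?:--\s|#).*?$""",
    re.DOTALL | re.MULTILINE,
)

def _blank(match):
    # Literals become an empty string so their contents cannot trigger a hit;
    # comments become a space so keywords separated only by a comment still match.
    return "''" if match.group(0)[0] in "'\"`" else " "

def scan(statement):
    """Return (leading verb, file-I/O constructs found outside literals and comments)."""
    stripped = LITERAL_OR_COMMENT.sub(_blank, statement)
    hits = [re.sub(r"\s+", " ", m.group(0)).upper().rstrip("( ")
            for m in FILE_IO.finditer(stripped)]
    words = stripped.split(None, 1)
    return (words[0].upper() if words else ""), hits

def triage(lines):
    """Return (line number, verb, constructs) for each statement that touches server files."""
    findings = []
    for number, line in enumerate(lines, 1):
        verb, hits = scan(line)
        if hits:
            findings.append((number, verb, hits))
    return findings

# Constructed query-log lines; the first two are the statements quoted in the thread.
SAMPLE_LOG = [
    'INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test"))',
    'UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test")',
    "INSERT INTO notes VALUES (1, 'how to select into outfile')",  # keyword only in data
    "SELECT big FROM size WHERE big = 22",
    'SELECT LOAD_FILE("/tmp/test")',
]

if __name__ == "__main__":
    for number, verb, hits in triage(SAMPLE_LOG):
        print(f"line {number}: {verb} statement uses {', '.join(hits)}")
```

A hit inside an INSERT or UPDATE issued by the application account is the case worth alerting on, since a normal write path has no reason to touch server-side files.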