Web Application Security
different ways to use INTO OUTFILE in MySQL Nov 25 2011 05:08PM
Robin Wood (robin digininja org)
Hi
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:

select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";

But I've always used:

select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";

Both end up with the same file contents and both, I think, can be used
in most types of injection.

So, I was wondering, are there any cases where one is better than the
other? I know that there may be cases where one fits into an injection
easier than the other because of the way the parameters fall so I'm
thinking more about the actual technique, is using LINES TERMINATED BY
"better" in some environments or vise-versa?

Any comments?

And while I was writing this I realised that you could combine them
both if you wanted:

select "<?php " INTO OUTFILE "/tmp/z" LINES TERMINATED BY "exec('ls');?>";

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus