Web Application Security
Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
different ways to use INTO OUTFILE in MySQL
Nov 25 2011 05:08PM
Robin Wood (robin digininja org)
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:
select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";
But I've always used:
select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";
Both end up wi...
[ more ]
Copyright 2010, SecurityFocus