0x50sec.org

From:http://www.milw0rm.com/papers/372
o00000000000000000000000000000000000000000000000000000o [!] Paper about:
8 .o8 8 INTO OUTFILE (Mysql)
8 “888 8 [!] Athor: xados
8 oooo ooo .oooo. .oooo888 .ooooo. .oooo.o 8 [!] Contact:
8 `88b..8P’ `P )88b d88′ `888 d88′ `88b d88( “8 8 xados@hotmail.it
8 Y888′ .oP”888 888 888 888 888 `”Y88b. 8 [!] Thnaks to:
8 .o8″’88b d8( 888 888 888 888 888 o. )88b 8 Johannes Dahse
8 o88′ 888o `Y888″”8o `Y8bod88P” `Y8bod8P’ 8″”888P’ 8 becouse this
8 8 paper is from
8 8 his mind.
o00000000000000000000000000000000000000000000000000000o ~ ~ ~

[+1] The FILE privilege

If we want to read or write to files we have to have the FILE privilege.
First see wich user we are in db with code:

0′ UNION SELECT current_user,null /*

you can put current_user or user() or system_user

This will give us the username@server. //(normally ..@localhost)
阅读全文…

简单翻译整理

http://www.milw0rm.com/papers/372

关于MySQL into outfile的条件很多人都总结过
1.web服务与MySQL运行在同一台服务器上
2.MySQL版本在3以上
3.有file_priv权限
4.magic_quotes=off
5.知道可写的web路径
laod_file()条件4不需要满足，但也需要路径。

对into outfile第四个条件往往在新的站中很难满足，第5个条件有时候也不容易满足。
这里主要讨论web路径的获得
milw0rm.com有一篇文章http://www.milw0rm.com/papers/372
阅读全文…