Full Disclosure mailing list archives

Re: MySQL trick for SQL injection

From: Valdis.Kletnieks () vt edu
Date: Fri, 06 Nov 2009 11:37:28 -0500

On Fri, 06 Nov 2009 10:04:54 CST, Paul Schmehl said:

What privileges did the user who performed the select have?

INTO OUTFILE is a dangerous routine (as you've clearly demonstrated), but that 
privilege must be specifically granted to a user before it's possible to 
execute it.  No sensible administrator would grant the FILE privilege to a 
webserver application's database acccount.


Very true, but a good blackhat always keeps a good supply of ways to exploit
common stupid administrator mistakes.  I'd not be surprised in the least if
more than 10% of the sites, some admin under time pressure to Just Fix It
assigned FILE privs to get the web application back up and running.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

MySQL trick for SQL injection Vladimir Vorontsov (Nov 06)
- Re: MySQL trick for SQL injection Paul Schmehl (Nov 06)
  - Re: MySQL trick for SQL injection Valdis . Kletnieks (Nov 06)
    - Re: MySQL trick for SQL injection Tim (Nov 06)
    - Re: MySQL trick for SQL injection Paul Schmehl (Nov 06)