WebApp Sec mailing list archives
Re: mysql selecting into outfile in an insert
From: Robin Wood <robin () digininja org>
Date: Wed, 21 Jul 2010 09:02:18 +0100
On 21 July 2010 01:41, Camilo Uribe <camilo.uribe () gmail com> wrote:
> On Tue, Jul 20, 2010 at 4:14 PM, Robin Wood <robin () digininja org> wrote:
>> On 20 July 2010 21:13, Spiros Antonatos <antonat () ics forth gr> wrote:
>>> You need to check if you have permissions to read/write files from mysql. Normally, non-root users do not have permission to call LOAD_FILE and INTO OUTFILE.
>>
>> Not sure on the vulnerable app I'm testing but in my lab I'm on as root and can run the "select into outfile" fine.
>
> Look for the file privilege: http://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html#priv_file
>
> By the way as a security measure, mysql will not overwrite existing files.

As I said, on my box I'm root, I've all the privs available and the "into outfile" works fine on its own.

Robin

>> Robin
>>
>>> Spiros
>>>
>>>> I've got a vulnerable web app with a MySQL backend where I can inject into an INSERT query and I want to create a file. With a SELECT I would use a UNION and then SELECT whatever INTO OUTFILE "filename" but how do you do it with an INSERT query?
>>>>
>>>> I tried:
>>>>
>>>> INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ;
>>>>
>>>> That executes and size gets a new row with 22 and "abc" in it but it doesn't create the file.
>>>>
>>>> I also tried an UPDATE and had the same problem:
>>>>
>>>> UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test");
>>>>
>>>> The update happens where big="abc" but no outfile.
>>>>
>>>> Can it be done?
>>>>
>>>> Robin
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
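For the defending side, the statements quoted in this thread leave a recognisable trace in a MySQL general query log. The following is an added example, not part of the original message: it flags INTO OUTFILE, INTO DUMPFILE and LOAD_FILE when they appear outside string literals, and records the enclosing statement type. The log lines are constructed for illustration and `flag_file_io` is a hypothetical name.

```python
import re

# Constructed sample in the style of a MySQL general query log
# (timestamp, connection id, command, statement). Not real log data.
SAMPLE_LOG = """\
100721  9:01:10\t   12 Query\tSELECT big FROM size WHERE big = 22
100721  9:01:14\t   12 Query\tINSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test"))
100721  9:01:20\t   12 Query\tUPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test")
100721  9:01:31\t   13 Query\tSELECT LOAD_FILE('/tmp/test')
100721  9:01:40\t   13 Query\tINSERT INTO notes VALUES (1, 'how to use into outfile safely')
"""

# Server-side file I/O constructs that require the FILE privilege.
FILE_IO = re.compile(r"\bINTO\s+(?:OUTFILE|DUMPFILE)\b|\bLOAD_FILE\s*\(", re.I)
# Single- or double-quoted SQL string literals, with backslash escapes.
LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"")
# One log line: timestamp, tab, connection id, "Query", tab, statement.
LINE = re.compile(r"^(?P<ts>.+?)\t\s*(?P<conn>\d+) Query\t(?P<sql>.+)$")


def flag_file_io(log_text):
    """Return one dict per logged statement that uses file I/O syntax."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        sql = m.group("sql")
        # Blank out literals so keywords inside stored text do not match.
        skeleton = LITERAL.sub("''", sql)
        found = FILE_IO.search(skeleton)
        if not found:
            continue
        construct = " ".join(found.group(0).upper().split()).rstrip(" (")
        hits.append({
            "conn": int(m.group("conn")),
            "verb": skeleton.split(None, 1)[0].upper(),  # INSERT, UPDATE, ...
            "construct": construct,
            "sql": sql,
        })
    return hits


if __name__ == "__main__":
    for hit in flag_file_io(SAMPLE_LOG):
        print(hit["conn"], hit["verb"], hit["construct"], "|", hit["sql"])
```

A hit whose `verb` is INSERT or UPDATE is worth a closer look, since application queries of that type rarely have a reason to carry file I/O syntax.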
Current thread:
- mysql selecting into outfile in an insert Robin Wood (Jul 20)
- Re: mysql selecting into outfile in an insert Spiros Antonatos (Jul 20)
- Re: mysql selecting into outfile in an insert Robin Wood (Jul 20)
- Re: mysql selecting into outfile in an insert Camilo Uribe (Jul 20)
- Re: mysql selecting into outfile in an insert Robin Wood (Jul 21)
- Re: mysql selecting into outfile in an insert Robin Wood (Jul 20)
- Re: mysql selecting into outfile in an insert Spiros Antonatos (Jul 20)
- <Possible follow-ups>
- Re: mysql selecting into outfile in an insert salchoman (Jul 20)