WebApp Sec mailing list archives
different ways to use INTO OUTFILE in MySQL
From: Robin Wood <robin () digininja org>
Date: Fri, 25 Nov 2011 17:08:34 +0000
Hi I've been talking to Miroslav (sqlmap developer) about the way he creates files using INTO OUTFILE. He uses the following syntax: select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>"; But I've always used: select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y"; Both end up with the same file contents and both, I think, can be used in most types of injection. So, I was wondering, are there any cases where one is better than the other? I know that there may be cases where one fits into an injection easier than the other because of the way the parameters fall so I'm thinking more about the actual technique, is using LINES TERMINATED BY "better" in some environments or vise-versa? Any comments? And while I was writing this I realised that you could combine them both if you wanted: select "<?php " INTO OUTFILE "/tmp/z" LINES TERMINATED BY "exec('ls');?>"; Robin This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- different ways to use INTO OUTFILE in MySQL Robin Wood (Nov 25)