Penetration Testing mailing list archives

Re: Abusing? MySQL 3.23.28-gamma

From: "rudi carell" <rudicarell () hotmail com>
Date: Tue, 25 Sep 2001 08:40:17

hola,

This should work on most systems.
If it does not work, you should try to find a more priviledged user-account.

1) Create a new table "name" with one huge character or text field;

2) Insert your favourite string .. INSERT INTO name VALUES("whatever youwant");

3) Select above into file .. SELECT * FROM name INTO OUTFILE'/dir/file.ext';

if you have a web-server running on the same machine it should be possibleto create a server-side script (asp,php,ssi oO.) for your intention.

if this specific account is not allowed to use "INTO OUTFILE" try toescalate the privs.



rc

security () freefly com
http://www.freefly.com/security/

Hi everybody.
I need to demonstrate not only the capability to drop databases and >modify
data, but to execute system commands and/or get files not accesable >via
web-server.


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Abusing? MySQL 3.23.28-gamma Arturo "Buanzo" Busleiman (Sep 24)
- <Possible follow-ups>
- Re: Abusing? MySQL 3.23.28-gamma rudi carell (Sep 25)