Penetration Testing mailing list archives
Re: Injected, whats next
From: Jon Hart <jhart () spoofed org>
Date: Thu, 17 Aug 2006 10:54:54 -0700
On Thu, Aug 17, 2006 at 05:41:06PM +0400, DokFLeed wrote:
> I am testing a web application, I can run UPDATE & SELECT.
> Does anyone know a way to upload a file to a server through MySQL?
> Does it allow running system commands, or a way to dump a file from
> the database to the server?
> It's LAMP: Linux, Apache, MySQL, PHP. Any ideas?
use 'into outfile'. You'll be limited by DB and filesystem permissions, though.

    select 'foobar' into outfile '/tmp/blahfoo';

-jon
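A defender's view of the reply above, as an added example that is not part of the original post: a Python check that flags `INTO OUTFILE` / `INTO DUMPFILE` statements in a query log when the target path lies outside an approved export directory. The one-line log layout, the sample lines and the `/var/lib/mysql-files/` directory are constructed assumptions.

```python
import posixpath
import re

# Quoted SQL literals, including '' and \' escapes inside them.
_LITERAL = re.compile(r"'(?:[^'\\]|\\.|'')*'" r'|"(?:[^"\\]|\\.|"")*"')
_FILE_WRITE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\s+\x00(\d+)\x00", re.I)
# Assumed log layout: "<timestamp> <thread id> Query <statement>" on one line.
_LOG_LINE = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")

def find_file_writes(statement):
    """Return [(keyword, path)] for each INTO OUTFILE/DUMPFILE clause."""
    literals = []
    def stash(match):
        literals.append(match.group(0)[1:-1])
        return "\x00%d\x00" % (len(literals) - 1)
    # Hide literals first so the keywords are not matched inside quoted data.
    skeleton = _LITERAL.sub(stash, statement)
    return [(m.group(1).upper(), literals[int(m.group(2))])
            for m in _FILE_WRITE.finditer(skeleton)]

def scan_log(lines, allowed_prefixes=("/var/lib/mysql-files/",)):
    """Return (timestamp, thread, keyword, path) for writes outside allowed dirs."""
    alerts = []
    for line in lines:
        m = _LOG_LINE.match(line)
        if not m:
            continue
        ts, thread, stmt = m.groups()
        for keyword, path in find_file_writes(stmt):
            # Normalise so "dir/../.." cannot pass the prefix check.
            if not posixpath.normpath(path).startswith(allowed_prefixes):
                alerts.append((ts, int(thread), keyword, path))
    return alerts

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "2006-08-17T10:54:50Z\t   11 Query\tselect name from users where id = 4",
    "2006-08-17T10:54:54Z\t   12 Query\tselect 'foobar' into outfile '/tmp/blahfoo'",
    "2006-08-17T10:55:01Z\t   12 Query\tselect n from t where n = 'into outfile ''x'''",
    "2006-08-17T10:55:09Z\t   13 Query\tSELECT * FROM r INTO OUTFILE '/var/lib/mysql-files/r.csv'",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print("file write outside export dir:", alert)
```

On the database side, the permissions the reply refers to are MySQL's `FILE` privilege and the `secure_file_priv` setting, so an application account that does not hold `FILE` cannot use this clause at all.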