Penetrating a MySql Server

[r00fsec () gmail com]

Hi!!

So...I have a home server . It uses apache , php and MySql (5.0.77). It doesn't has any site on it but i create a page 
with a simple sql injection Bug.
MySql server is running as root user. Now the goal is to take a shell in this server just for exercise . I know that it 
is not so easy to find out there a server like this but im now starting to "play" with these things.

I have try some technics but i didnt got the shell yet :p Here is what im doing..

1st I  use the load_file() function to see any file in the server like /etc/passwd
2nd i tried to use the technic of into outfile and then use it as Remote Code Execution but occurs an error. Because of 
the permissions.

Thats all i had tried in the home server.

Do you have any idea on how to continue penetrate this server ? If you want give me some hints to continue my exercise.

Thanks!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------