WebApp Sec mailing list archives

Re: mysql selecting into outfile in an insert


From: "Spiros Antonatos" <antonat () ics forth gr>
Date: Tue, 20 Jul 2010 23:13:45 +0300

You need to check if you have permissions to read/write files
from mysql. Normally, non-root users do not have permission to
call LOAD_FILE and INTO OUTFILE.

Spiros


I've got a vulnerable web app with a MySQL backend where I can inject
into an INSERT query and I want to create a file. With a SELECT I
would use a UNION and then SELECT whatever INTO OUTFILE "filename" but
how do you do it with an INSERT query?

I tried:

INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ;

That executes and size gets a new row with 22 and "abc" in it but it
doesn't create the file.

I also tried an UPDATE and had the same problem:

UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test");

The update happens where big="abc" but no outfile.

Can it be done?

Robin
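
The privilege check from the reply, seen from the database administrator's side, as an added example that is not part of the original thread. It parses constructed SHOW GRANTS output and reports which accounts hold the global FILE privilege that LOAD_FILE and INTO OUTFILE require, along with what the secure_file_priv setting permits. The function names and sample accounts are hypothetical.

```python
import re

# Head of a SHOW GRANTS line: privilege list, grant level, grantee.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<level>\S+)\s+TO\s+(?P<who>\S+)",
    re.IGNORECASE,
)

# Constructed sample of SHOW GRANTS output for four hypothetical accounts.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'webapp'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE ON `shop`.* TO 'webapp'@'localhost'",
    "GRANT SELECT, FILE ON *.* TO 'report'@'10.0.0.%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT ALL PRIVILEGES ON `shop`.* TO 'dev'@'%'",
]


def accounts_with_file_priv(show_grants_lines):
    """Return grantees whose global (*.*) grants include FILE."""
    flagged = []
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        # FILE is a global privilege, so only *.* grants can carry it.
        if not m or m.group("level") != "*.*":
            continue
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        # ALL PRIVILEGES at the global level includes FILE.
        if privs & {"FILE", "ALL", "ALL PRIVILEGES"}:
            if m.group("who") not in flagged:
                flagged.append(m.group("who"))
    return flagged


def file_io_exposure(show_grants_lines, secure_file_priv):
    """secure_file_priv: None for NULL, '' for empty, else a directory."""
    if secure_file_priv is None:
        scope = "file import/export disabled"
    elif secure_file_priv == "":
        scope = "any path the server process can access"
    else:
        scope = "only under " + secure_file_priv
    return {"accounts": accounts_with_file_priv(show_grants_lines),
            "scope": scope}


if __name__ == "__main__":
    print(file_io_exposure(SAMPLE_GRANTS, ""))
```

An application account that appears in the result can be narrowed with REVOKE FILE ON *.* for that account.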



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------








