mailing list archives
Re: MySQL trick for SQL injection
From: Valdis.Kletnieks () vt edu
Date: Fri, 06 Nov 2009 11:37:28 -0500
On Fri, 06 Nov 2009 10:04:54 CST, Paul Schmehl said:
What privileges did the user who performed the select have?
INTO OUTFILE is a dangerous routine (as you've clearly demonstrated), but that
privilege must be specifically granted to a user before it's possible to
execute it. No sensible administrator would grant the FILE privilege to a
webserver application's database acccount.
Very true, but a good blackhat always keeps a good supply of ways to exploit
common stupid administrator mistakes. I'd not be surprised in the least if
more than 10% of the sites, some admin under time pressure to Just Fix It
assigned FILE privs to get the web application back up and running.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/