Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Injected, whats next
From: Jon Hart <jhart () spoofed org>
Date: Thu, 17 Aug 2006 10:54:54 -0700

On Thu, Aug 17, 2006 at 05:41:06PM +0400, DokFLeed wrote:
I am testing a web application, I can run  UPDATE & SELECT
Does anyone know a way to upload a file to a server through MySQL !
does it allow running system commands or a way to dump a file from the 
database to the server?
its  LAMP , Linux, Apache, MySQL, PHP
any ideas!!

use 'into outfile'.  You'll be limited by DB and filesystem permissions,
though.  

   select 'foobar' into outfile '/tmp/blahfoo';

-jon

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault