Re: [WEB SECURITY] Create File in mysql injection

From: Rodrigo Montoro (Sp0oKeR) <spooker_at_nospam>
Date: Sun Mar 02 2008 - 14:39:18 GMT
To: "Simorgh Security" <simorgh.security@gmail.com>

You could use system .

mysql> system touch /tmp/spookerlabs ;
mysql> system ls -la /tmp/spookerlabs ;
-rw-rw-r-- 1 spooker spooker 0 Mar 2 11:44 /tmp/spookerlabs mysql>

But you will have only apache privilegies to create your file. Try:

mysql> system id ;

Regards,

Rodrigo Montoro (Sp0oKeR)

On Sat, Mar 1, 2008 at 10:00 AM, Simorgh Security <simorgh.security@gmail.com> wrote:
> In The name Of god .\
>
> I have Question .
>
> I can't Creat File in server with sql injection .
> mysql user : root
> mysql version :4.0.2
>
>
> please help me . thanks .
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
-- =============================== Rodrigo Montoro (Sp0oKeR) Security Analyst SnortCP / RHCE / LPIC-I / MCSO http://www.spookerlabs.com.br http://www.linkedin.com/in/spooker =============================== ---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/ Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

This message: [ Message body ]
Next message: A. Ramos: "Re: [WEB SECURITY] Create File in mysql injection"
Previous message: Simorgh Security: "[WEB SECURITY] Create File in mysql injection"
In reply to: Simorgh Security: "[WEB SECURITY] Create File in mysql injection"
Next in thread: A. Ramos: "Re: [WEB SECURITY] Create File in mysql injection"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]