A short record of a problem encountered when reading configuration files through MySQL injection in a local test.
When testing locally, reading a file with load_file always returned NULL.
>> select load_file('c:/xx/xx/xx/x.txt');
The cause is MySQL's newer secure_file_priv feature.
In newer versions of MySQL, the secure_file_priv parameter restricts the directory in which LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() may operate.
When the value of secure_file_priv is NULL, mysqld does not allow import/export.
When the value of secure_file_priv is /tmp/, import/export by mysqld can only occur in the /tmp/ directory.
When secure_file_priv is set but has no specific value (empty), import/export by mysqld is not restricted.
Source: https://segmentfault.com/a/1190000009333563
Solution:
>> show global variables like '%secure%';
The default is NULL.
Edit the mysql.ini or my.ini file and add the following line under [mysqld]:
secure_file_priv =
Save and restart mysql.
Note here that the slash in the path is / instead of \.
The path passed to load_file can be written as a single-quoted string, a 0x hex literal, or a string built with char().
load_file can be used as a field in a union, for example: union select 1, load_file('c:/boot.ini'), 3, 4 from tables, etc.
load_file can also be used in where clauses, for example: and length(load_file(0x************))>1 (blind)
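
To audit which of the secure_file_priv states described above an option file actually configures, the following added example (not part of the original post) parses the [mysqld] section of a my.ini and classifies the setting. The function name and the sample file contents are assumptions made up for illustration.

```python
import re

# Constructed sample option file (not from the original post).
SAMPLE_INI = """\
[client]
port=3306

[mysqld]
basedir="C:/mysql"
# secure_file_priv="C:/mysql/uploads"
secure-file-priv =
"""

def secure_file_priv_state(ini_text):
    """Return (state, value) for secure_file_priv in the [mysqld] section.

    state: 'unset'        - not present in this file (server default applies)
           'disabled'     - NULL, import/export not allowed
           'unrestricted' - empty value, no directory restriction
           'restricted'   - import/export limited to the given directory
    """
    section = None
    state = ("unset", None)
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        # MySQL accepts dashes and underscores interchangeably in option names.
        if key.strip().lower().replace("-", "_") != "secure_file_priv":
            continue
        value = value.strip().strip("\"'")
        if value.upper() == "NULL":
            state = ("disabled", None)
        elif value == "":
            state = ("unrestricted", "")
        else:
            state = ("restricted", value)
    return state  # a later occurrence overrides an earlier one

if __name__ == "__main__":
    print(secure_file_priv_state(SAMPLE_INI))
```

An 'unrestricted' result on anything other than a local test instance means any account with the FILE privilege can read or write wherever the mysqld process can.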