1. Tips for writing files when the Mysql database supports union:
using conventional union writing, you can see that the previous field occupancy will definitely be written, and the result is the same if it is replaced with null. This is nothing for shell writing Big problem, mysql writes Shell tips, but if it is used to write bat, mof, vbs and other files, there will be problems, so how to get rid of this and only write the content we need? Just use hex encoding.
Use hex encoding to write the content we want to write in each field bit in segments, so that we can only write the content we need.
2. When writing when union is not supported, many people don’t know this method. They think that to write content, they must support union. If you read an article, you don’t need to support this method.
Syntax: select * from admin where id=1 into outfile 'F:\WWW\phpinfo.php' fields terminated by '<? phpinfo(); ?>'%23 You can see that it was successfully written, but this method has a
drawback That is, the queried data must be greater than or equal to 2 or more before the content can be written. The number of written content = the queried data-1. It can be seen that
when we make the previous data wrong and cannot find the data, the write is Failure.
Look at the situation in sqlmap:
it can be clearly seen that there is also this method of writing in sqlmap. (burp captures sqlmap data packets: add --proxy "http://127.0.0.1:8080/" and you can see the request in burp)
of course