blind sql load_file
Now, here's the deal. I've been trying to get a full path disclosure on this site to make my load_file sufficient. Unfortunately, i can't find one. Out of all the junk and holes this person has in his site, i can't manage to get a f*cking path without being malicious and destroying some stuff/adding a new user into mysql.user.
Anyways, i was wondering if it's possible to somehow grab a path from within the sql injection. I've already tried to execute phpinfo() into an outfile, but it has some problems with that.
And…i have no restrictions and it's MySQL
Just presents me with a blank page, same as 1=0.
Um…let's see. Let me show you what i'm doing:
markuphttp://www.site.com/notreal/blah.php?fu=16999/**/UNION/**/ALL/**/SELECT/**/null,null,null,null,char(60,63,112,104,112,32,112,104,112,105,110,102,111,40,41,59,63,62),null,null,null,9,null,null,null,null,null,null,null,null/**/INTO/**/OUTFILE(char(47,98,108,97,104,47,121,101,115,46,112,104,112))/*
nights_shadow wrote: Now, here's the deal. I've been trying to get a full path disclosure on this site to make my load_file sufficient. Unfortunately, i can't find one. Out of all the junk and holes this person has in his site, i can't manage to get a f*cking path without being malicious and destroying some stuff/adding a new user into mysql.user.
Path as in full server path?
Example: /var/www/site.com/public_html/
If you want something like that, try this:
?getVar[]=someVal
That should spit out an error as it tries to push an array to a string ;)