[Pauldotcom] Fwd: mysql selecting into outfile in an insert
uss.thebug at gmail.com
Wed Jul 21 00:00:04 UTC 2010
MySQL doesn't support stacked querys, unfortunately you can't stack
querys like postgresql, mssql, ...
On Tue, Jul 20, 2010 at 7:09 PM, Michael McGrew
<mmcgrew1 at mail.csuchico.edu> wrote:
> If you can inject SQL could you end the query with ; then start a new
> select query where you use INTO OUTFILE?
> This is why it's not working:
> "An INTO clause should not be used in a nested SELECT because such a
> SELECT must return its result to the outer context. "
> On Tue, Jul 20, 2010 at 2:23 PM, Robin Wood <robin at digininja.org> wrote:
>> I sent this to the webappsec mailing list but thought I'd send it here
>> as well looking for some SQL Injection experts.
>> ---------- Forwarded message ----------
>> I've got a vulnerable web app with a MySQL backend where I can inject
>> into an INSERT query and I want to create a file. With a SELECT I
>> would use a UNION and then SELECT whatever INTO OUTFILE "filename" but
>> how do you do it with an INSERT query?
>> I tried:
>> INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ;
>> That executes and size gets a new row with 22 and "abc" in it but it
>> doesn't create the file.
>> I also tried an UPDATE and had the same problem:
>> UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test");
>> The update happens where big="abc" but no outfile.
>> Can it be done?
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> Main Web Site: http://pauldotcom.com
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
More information about the Pauldotcom