[Pauldotcom] Fwd: mysql selecting into outfile in an insert

Ulisses Castro uss.thebug at gmail.com
Wed Jul 21 00:00:04 UTC 2010


MySQL doesn't support stacked queries; unfortunately, you can't stack
queries like PostgreSQL, MSSQL, ...

On Tue, Jul 20, 2010 at 7:09 PM, Michael McGrew
<mmcgrew1 at mail.csuchico.edu> wrote:
> If you can inject SQL could you end the query with ; then start a new
> select query where you use INTO OUTFILE?
>
> This is why it's not working:
> "An INTO clause should not be used in a nested SELECT because such a
> SELECT must return its result to the outer context. "
> http://dev.mysql.com/doc/refman/5.0/en/select.html
>
>
>
> On Tue, Jul 20, 2010 at 2:23 PM, Robin Wood <robin at digininja.org> wrote:
>> I sent this to the webappsec mailing list but thought I'd send it here
>> as well looking for some SQL Injection experts.
>>
>>
>> ---------- Forwarded message ----------
>>
>> I've got a vulnerable web app with a MySQL backend where I can inject
>> into an INSERT query and I want to create a file. With a SELECT I
>> would use a UNION and then SELECT whatever INTO OUTFILE "filename" but
>> how do you do it with an INSERT query?
>>
>> I tried:
>>
>> INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ;
>>
>> That executes and size gets a new row with 22 and "abc" in it but it
>> doesn't create the file.
>>
>> I also tried an UPDATE and had the same problem:
>>
>> UPDATE size SET big=22 WHERE big =  (SELECT "abc" INTO OUTFILE "/tmp/test");
>>
>> The update happens where big="abc" but no outfile.
>>
>> Can it be done?
>>
>> Robin
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>

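Seen from the defender's side, the statements discussed in this thread can be flagged in a MySQL general query log. The following is an added example, not part of the original messages: it reports any logged statement that carries an INTO OUTFILE clause, including one nested inside an INSERT or UPDATE as quoted above, and it goes slightly beyond the thread by also matching INTO DUMPFILE. The log line layout, the sample lines and the function name `find_file_writes` are assumptions constructed for the example.

```python
import re

# Constructed sample in the style of a MySQL general query log (assumed layout:
# timestamp, thread id, command, statement). Not taken from any real system.
SAMPLE_LOG = """\
100721  0:00:01    12 Query  INSERT INTO size VALUES (22, 'large')
100721  0:00:02    12 Query  INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test"))
100721  0:00:03    13 Query  UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test")
100721  0:00:04    14 Query  SELECT name FROM size WHERE note = 'write into outfile later'
100721  0:00:05    15 Query  SELECT big FROM size INTO DUMPFILE '/tmp/x'
"""

LOG_LINE = re.compile(r"\s(\d+)\s+Query\s+(.*)$")
# Quoted literals, with backslash escapes and doubled quotes.
LITERAL = re.compile(r"'(?:[^'\\]|\\.|'')*'" + "|" + r'"(?:[^"\\]|\\.|"")*"')
INTO_FILE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\b", re.IGNORECASE)


def find_file_writes(log_text):
    """Return one finding per logged statement that carries a file-writing INTO clause."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if not m:
            continue
        thread_id, stmt = int(m.group(1)), m.group(2).strip()
        # Blank out string literals so keywords inside data do not match and
        # parentheses inside data do not disturb the depth count.
        bare = LITERAL.sub("''", stmt)
        hit = INTO_FILE.search(bare)
        if not hit:
            continue
        before = bare[: hit.start()]
        findings.append({
            "thread": thread_id,
            "verb": bare.split(None, 1)[0].upper(),
            "clause": hit.group(1).upper(),
            # Inside parentheses means the clause sits in a subquery.
            "nested": before.count("(") > before.count(")"),
            "statement": stmt,
        })
    return findings


if __name__ == "__main__":
    for f in find_file_writes(SAMPLE_LOG):
        print(f["thread"], f["verb"], f["clause"], "nested" if f["nested"] else "top-level")
```
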