1. Read access:

Here we can use any SQL injection technique to load a file from the file system using load_file().

Step 1: create a table, or use any existing table.

In the above query, BLOB is a SQL data type (binary large object). We use it here because we are reading binary files and storing them in the table, so the column length needs to be large.

By default the length of the BLOB is 2 GB.

The load_file() function reads the file, and we then dump the data from that file into another file.

At the injectable point of the application, inject the following query:

The path we specify for loading or dumping the file may or may not be correct; all we can do is try candidate paths until the real path is found. For example:

Loading the sample data into the table:

Steps 1 and 2 are only possible when stacked-query SQL injection is available.

Stacked-query SQL injection simply means executing multiple queries in a single request, for example:

Then, using any SQL injection enumeration technique, we can read that file.

2. Write access:

Here we can use any SQL injection enumeration technique to write files to the file system using dumpfile.

Here we are using stacked-query SQL injection.

Step 1: create a table.

Step 2: insert data into the table.

The inserted data can then be altered or updated.

Step 3: Assuming we have write access to the file system, we dump the data inserted into the table into a file on the file system.
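As an added detection example (not part of the original post): the read and write primitives described in both sections above, load_file() and INTO DUMPFILE / INTO OUTFILE, are almost never issued by legitimate application code, so a defender can hunt for them in the MySQL general query log. This assumes the server is writing the general log to the mysql.general_log table (general_log=ON and log_output includes TABLE); the column names used are those of that table.

```sql
-- Added defensive example: hunt the MySQL general log for file-system primitives.
-- Assumes general_log=ON and log_output=TABLE so that mysql.general_log is populated.
-- The argument column is a binary string, so it is converted before a case-insensitive match.
SELECT event_time,
       user_host,
       thread_id,
       CONVERT(argument USING utf8mb4) AS statement_text
FROM   mysql.general_log
WHERE  command_type = 'Query'
  AND (
        UPPER(CONVERT(argument USING utf8mb4)) LIKE '%LOAD_FILE(%'
     OR UPPER(CONVERT(argument USING utf8mb4)) LIKE '%INTO DUMPFILE%'
     OR UPPER(CONVERT(argument USING utf8mb4)) LIKE '%INTO OUTFILE%'
      )
  -- exclude the auditing session itself, otherwise this query matches its own log entry
  AND thread_id <> CONNECTION_ID()
ORDER BY event_time DESC
LIMIT 100;

-- Same filter, aggregated per client: a web application account that suddenly shows
-- any hits here is the account to investigate first.
SELECT user_host,
       COUNT(*)        AS hits,
       MIN(event_time) AS first_seen,
       MAX(event_time) AS last_seen
FROM   mysql.general_log
WHERE  command_type = 'Query'
  AND thread_id <> CONNECTION_ID()
  AND (
        UPPER(CONVERT(argument USING utf8mb4)) LIKE '%LOAD_FILE(%'
     OR UPPER(CONVERT(argument USING utf8mb4)) LIKE '%INTO DUMPFILE%'
     OR UPPER(CONVERT(argument USING utf8mb4)) LIKE '%INTO OUTFILE%'
      )
GROUP BY user_host
ORDER BY hits DESC;
```

The general log is expensive on a busy server, so in practice this is run against a log table or file that is shipped to a SIEM rather than queried live; the matching strings are the same either way.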

Problem with providing file-system access to users:

Any script can be inserted into the table and then dumped from that table into a file on the file system, saved with any extension such as .exe.

Example: we can use an existing table, or, if the application is vulnerable to stacked-query SQL injection, create a new table as required.

Thereby we can get a command shell on the system/server where the application's database is located.
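As an added hardening example (not part of the original post): both primitives the post relies on require the global FILE privilege, and they are also governed by the server's secure_file_priv setting, so the fix is to audit and remove FILE from the application account and to restrict or disable file operations server-wide. The account name 'webapp'@'%' is a placeholder for the application's database user.

```sql
-- Added hardening example (not from the original post). Placeholder account: 'webapp'@'%'.

-- 1. Is the server restricting file operations at all?
--    '' (empty) means unrestricted, a directory path confines reads and writes to
--    that directory, and NULL disables LOAD_FILE(), INTO OUTFILE and INTO DUMPFILE.
SELECT @@global.secure_file_priv;

-- 2. Which accounts currently hold the global FILE privilege these primitives need?
SELECT user, host FROM mysql.user WHERE File_priv = 'Y';

-- 3. An application account never needs FILE; remove it.
REVOKE FILE ON *.* FROM 'webapp'@'%';

-- 4. Verify the result.
SHOW GRANTS FOR 'webapp'@'%';
```

secure_file_priv is read-only at runtime, so to disable file operations set secure_file_priv=NULL in the [mysqld] section of the option file and restart the server. Independently of these settings, the mysqld process should run as a low-privileged OS user with no write access to web roots or other locations where a dumped file could later be executed; that limits the damage even if an injection with stacked queries is found.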
