I sent this to the webappsec mailing list but thought I'd send it here as well looking for some SQL Injection experts.
---------- Forwarded message ---------- I've got a vulnerable web app with a MySQL backend where I can inject into an INSERT query and I want to create a file. With a SELECT I would use a UNION and then SELECT whatever INTO OUTFILE "filename" but how do you do it with an INSERT query? I tried: INSERT INTO size VALUES (22, (SELECT "abc" INTO OUTFILE "/tmp/test")) ; That executes and size gets a new row with 22 and "abc" in it but it doesn't create the file. I also tried an UPDATE and had the same problem: UPDATE size SET big=22 WHERE big = (SELECT "abc" INTO OUTFILE "/tmp/test"); The update happens where big="abc" but no outfile. Can it be done? Robin _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
