Flo Aberger | Cyber Notes Structured writeups for labs, CTFs, and security projects.

Sql Injection Databases

File Injection

Notes and commands for File Injection.

2025-06-06
Tags websql-injection-databasesfile-injection
Back to Pentest Notes Search Notes

Need 3 things to write files to db

  1. User with FILE privilege enabled
  2. MySQL global secure_file_priv variable not enabled 3. Write access to the location we want to write to on the back-end server

with union

if null -> we can r/w everywhere.

webshell usen

immer shell.php?0=cat /etc/passwd

528d6d9cedc2c7aab146ef226e918396