How to drop a shell on a DB

HeavyGhost12 · 15.08.2023

I have this site I'm working on through which i had an endpoint which is vuln to sqli.
Sqlmap was a able to dump the db but when i try to use --os-shell in sqlmap it isn't working.
I want a guide through which i can get a shell on the DB

Dread Pirate Roberts · 15.08.2023

google for "webshell select into outfile"
but you need to find a local path disclosure first.

p1r0man · 16.08.2023

Also sql user should have file_priv for this

mysql.user Table

User access and global privileges.

mariadb.com

raywood · 06.09.2023

HeavyGhost12 сказал(а):

I have this site I'm working on through which i had an endpoint which is vuln to sqli.
Sqlmap was a able to dump the db but when i try to use --os-shell in sqlmap it isn't working.
I want a guide through which i can get a shell on the DB

Because the user who you managing has not write permission.
You can check from here the methods that you can try.

3306 - Pentesting Mysql - HackTricks

book.hacktricks.xyz

How to drop a shell on a DB

HeavyGhost12

floppy-диск

Dread Pirate Roberts

Премиум

p1r0man

(L2) cache

mysql.user Table

raywood

RAID-массив

3306 - Pentesting Mysql - HackTricks