
17.06.2008, 20:08
Members of Antichat - Level 5
Registered: 25.02.2007
Posts: 495
Time spent on forum: 3244717
Reputation: 1980
I can load_file /etc/passwd and some *.php files, but unfortunately I'm unable to load_file some files like .htaccess and *.php of some vhosts. Does this happen because it's related to the file permissions or file_priv?
It is definitely related to the file permissions; as a rule, if file_priv is turned on, only file permissions restrict an attacker.
Since I cannot read all the content of a file, does load_file have a size limit when loading files? How can I bypass this?
Yes, load_file has a size limit, which is defined by the max_allowed_packet variable.
More info:
LOAD_FILE
max_allowed_packet
Is it possible to use outfile when magic_quotes are on? Because I tried this on other machines using char and hex encoding and none of this worked. Is there any solution for this?
Unfortunately, it is not possible; into_outfile accepts only a value between quotes.
More info:
INTO OUTFILE
Is it possible to update the content of a field so that later, when the page is displayed, it executes PHP code?
It depends on the particular web application; if it is prone to a PHP-include vulnerability, so that the web app gets data from the database and executes it, then you can modify some fields and as a result you'll get a web shell. However, that is a very rare situation. It happens much more often that you have an SQL injection where one of the columns is supposed to be opened as a file, and sometimes to be included as a script. The latter is also rare.
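
The defender's side of the file_priv answer above, as an added example that is not part of the original post: it parses `SHOW GRANTS` output and reports which accounts hold the global FILE privilege and what still bounds their server-side file access. The sample grant lines and account names are constructed, and `secure_file_priv` is a MySQL server variable the thread does not mention.

```python
import re

# One line of MySQL `SHOW GRANTS` output: privilege list, scope, account.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<account>'[^']*'@'[^']*'|`[^`]*`@`[^`]*`)",
    re.IGNORECASE,
)

def accounts_with_file_priv(grant_lines):
    """Return the sorted accounts whose grants include the global FILE privilege."""
    flagged = set()
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        # FILE is a global privilege, so only grants ON *.* can carry it.
        if not m or m.group("scope") != "*.*":
            continue
        privs = re.sub(r"\([^)]*\)", "", m.group("privs"))  # drop column lists
        names = {p.strip().upper() for p in privs.split(",")}
        if names & {"FILE", "ALL", "ALL PRIVILEGES"}:
            flagged.add(m.group("account").replace("`", "'"))
    return sorted(flagged)

def file_exposure(grant_lines, secure_file_priv):
    """Map each FILE-capable account to what bounds its server-side file access.

    secure_file_priv: None for NULL, '' for unrestricted, or a directory path.
    """
    if secure_file_priv is None:
        bound = "disabled by secure_file_priv=NULL"
    elif secure_file_priv == "":
        bound = "OS file permissions only"
    else:
        bound = "limited to " + secure_file_priv
    return {acct: bound for acct in accounts_with_file_priv(grant_lines)}

# Constructed sample input (not taken from the thread).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'report'@'localhost'",
    "GRANT SELECT ON `shop`.* TO 'report'@'localhost'",
    "GRANT SELECT, INSERT, FILE ON *.* TO 'webapp'@'localhost'",
    "GRANT ALL PRIVILEGES ON `blog`.* TO 'blog'@'10.0.0.%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
]

if __name__ == "__main__":
    for account, bound in file_exposure(SAMPLE_GRANTS, "").items():
        print(account, "->", bound)
```

A web application account that shows up in this report is the case the answer describes: with FILE granted and no `secure_file_priv` restriction, only operating-system file permissions limit what an injected query can read.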