My name is Johannes Dahse and I am studying “IT-Security” at the Ruhr University Bochum in Germany. Besides my studies I read a lot about web security and experiment with it, write some code for smaller projects and love to participate in Capture The Flag-style web app hacking competitions. I also like to work out, hang out with friends and grab some beers.
Contact: johannesdahse at gmx dot de
November 24, 2008 at 7:13 pm
Hi,
I found your articles very informative. I learned a lot from them. That's why I want to thank you and provide you with a piece of information.
You wrote that there is no way to give a path to load_file without using 'quotes'.
Actually there is a way:
SELECT CONCAT('0x',HEX('/path/to/file.php'));
That gives you a pathname in hex (could be done in other ways):
0x2F706174682F746F2F66696C652E706870
And now we can use it like this:
SELECT load_file(0x2F706174682F746F2F66696C652E706870);
And it works for me in 5.0.32-Debian_7etch6-log
November 24, 2008 at 9:51 pm
Hi, glad you like them. Thanks for your hint, but I was referring to INTO OUTFILE when I wrote that the quotes are definitely necessary for the path. You probably mixed up the articles.
load_file() of course accepts encoding as any other function, but INTO OUTFILE, being an operation, not a function, doesn't support a way to avoid quotes (afaik).
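
For anyone reviewing query logs, the exchange above means a filter or alert that keys on quote characters will not see a hex-encoded load_file() path. The following is an added example, not code from the post or the comments: a small Python scanner that finds load_file() calls with a literal argument and decodes hex literals back to the path. The function names and the sample log lines are constructed for illustration.

```python
import re

# load_file( <arg> ) where <arg> is a 0x... hex literal, an X'...' hex
# literal, or a single-quoted string. Whitespace and case are tolerated.
LOAD_FILE_RE = re.compile(
    r"load_file\s*\(\s*(?:0x([0-9a-f]+)|x'([0-9a-f]+)'|'([^']*)')\s*\)",
    re.IGNORECASE,
)


def decode_hex(digits):
    """Decode the digits of a MySQL hex literal to text."""
    # MySQL treats an odd-length 0x literal as having an extra leading 0.
    if len(digits) % 2:
        digits = "0" + digits
    return bytes.fromhex(digits).decode("utf-8", errors="replace")


def find_load_file_paths(query):
    """Return (path, encoding) for each load_file() call with a literal argument."""
    hits = []
    for m in LOAD_FILE_RE.finditer(query):
        hex_0x, hex_x, quoted = m.groups()
        if hex_0x is not None:
            hits.append((decode_hex(hex_0x), "hex"))
        elif hex_x is not None:
            # X'..' with an odd number of digits is rejected by MySQL; skip it.
            if len(hex_x) % 2 == 0:
                hits.append((decode_hex(hex_x), "hex"))
        else:
            hits.append((quoted, "quoted"))
    return hits


# Constructed sample query-log lines (not taken from a real system).
SAMPLE_LOG = [
    "SELECT load_file(0x2F706174682F746F2F66696C652E706870);",
    "SELECT LOAD_FILE('/path/to/file.php');",
    "SELECT id, name FROM users WHERE id = 5;",
]


def scan(lines):
    """Return (line_number, path, encoding) for every hit in the log lines."""
    return [
        (n, path, enc)
        for n, line in enumerate(lines, 1)
        for path, enc in find_load_file_paths(line)
    ]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The scanner only covers literal arguments; a path built from nested function calls would need the query to be parsed rather than pattern-matched.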