About

My name is Johannes Dahse and I am studying “IT-Security” at the Ruhr University Bochum in Germany. Beside my studies I read a lot about websecurity and experiment with it, write some codes for smaller projects and love to participate at Capture The Flag-style webapphacking competitions. I also like to work out, and hang out with friends and grab some beers.

Contact: johannesdahse at gmx dot de

2 Responses to “About”

  1. ZinovaS Says:

    Hi,

    i found your articles very informative. i learned a lot from it. thats why i want to thank you and provide you with some piece of information.

    you wrote that there is no way to give a path to load_file not using ‘quotes ‘
    actually there is a way:

    SELECT CONCAT(‘0x’,HEX(‘/path/to/file.php’));
    that gives you a pathname in hex (could be done in other ways):
    0×2F706174682F746F2F66696C652E706870

    and now we can use it like this:
    SELECT load_file(0×2F706174682F746F2F66696C652E706870);

    and it works for me in 5.0.32-Debian_7etch6-log

  2. Reiners Says:

    hi, glad you like them. thanks for your hint but I was referring to INTO OUTFILE when I wrote that the quotes are definetly neccessary for the path. you probably mixed up the articles ;) load_file() of course accepts encoding as any other function, but INTO OUTFILE as being an operation, not a function, doesnt support a way to avoid quotes (afaik).

Leave a Reply