Reading and Writing File Exploitation in SQLi Doesn't Work
jtheanalytica opened this issue · 2 comments
jtheanalytica commented
Hi Jeremy.
When I attempt to read files from server - using LOAD_FILE('/etc/passwd'), I don't get anything.
Also when attempting to write a file, I get an error.
Please note that I'm able to do the above techniques in the Metasploitable VM.
https://sourceforge.net/projects/metasploitable/
Thanks
jtheanalytica commented
Wanted to add that I'm working on Oracle VM. Debian 11. MySQL server. Apache2 web server.
jtheanalytica commented
I found the solution to that. Not related to Mutillidae. Rather to MySQL:
mysql> SHOW VARIABLES LIKE "secure_file_priv";
I disabled it you by addding [secure-file-priv = "" ] to my.cnf
All sorted out now.
Thanks