Code Execution Via Injection
Depending on the extent of the vulnerability, SQL injection can be used to execute commands on the remote system. The vulnerability depends on the operating system, service privileges and filesystem permissions.
This is an example to read a file from the filesystem,
This is an example to write a file into the xampp directory,
Few things you need to know before using the above example,
The Operating System in order to be able to write into a specific directory path
The webserver and its meta information
The installation/www directory of the webserver that is serving the pages
Whether DB user has the privilege to write the file in that directory
Last updated