SQL注入 | mysql寫入文件 | 讀取文件

mysql 新版本下secure-file-priv字段 ： secure-file-priv參數是用來限制LOAD DATA, SELECT … OUTFILE, and LOAD_FILE()傳到哪個指定目錄的。

ure_file_priv的值爲null ，表示限制mysqld 不允許導入|導出。

當secure_file_priv的值爲/tmp/ ，表示限制mysqld 的導入|導出只能發生在/tmp/目錄下。

當secure_file_priv的值沒有具體值時，表示不對mysqld 的導入|導出做限制。
https://www.cnblogs.com/missmzt/p/7676800.html

mysql> show global variables like '%secure%';
+--------------------------+-----------------------+
| Variable_name            | Value                 |
+--------------------------+-----------------------+
| require_secure_transport | OFF                   |
| secure_file_priv         | /var/lib/mysql-files/ |
+--------------------------+-----------------------+
2 rows in set (0.04 sec)

//讀文件(只允許讀)[ secure_file_priv | /var/lib/mysql-files/ ]
mysql> select load_file('/var/lib/mysql-files/1.php') ;
+------------------------------------------------------------------------------------------------------------------------------------+
| load_file('/var/lib/mysql-files/1.php')                                                                                            |
+------------------------------------------------------------------------------------------------------------------------------------+
| <?php
|phpinfo();
|?>																							
|
+------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)


//寫文件
mysql> mysql> select '<php? phpinfo(); ?>' into outfile '/var/lib/mysql-files/2.php';
Query OK, 1 row affected (0.04 sec)

mysql> select load_file('/var/lib/mysql-files/2.php') ;
+-----------------------------------------+
| load_file('/var/lib/mysql-files/2.php') |
+-----------------------------------------+
| <php? phpinfo(); ?>					  |
|     						              |
+-----------------------------------------+
1 row in set (0.00 sec)

sql注入寫shell：https://blog.csdn.net/SKI_12/article/details/84921289