secure_file_priv in newer MySQL versions: the secure_file_priv parameter restricts the directory that LOAD DATA, SELECT ... INTO OUTFILE, and LOAD_FILE() may read from or write to.
When secure_file_priv is NULL, mysqld refuses all import and export of files.
When secure_file_priv is /tmp/, mysqld only permits import and export of files under /tmp/.
When secure_file_priv is empty (no value), mysqld's import and export are not restricted at all.
Two caveats worth knowing: the variable is read-only at runtime, so it can only be changed in the server configuration file (secure-file-priv=...) followed by a restart; and the directory check is applied in addition to, not instead of, the FILE privilege, so the account still needs FILE and the mysqld OS user still needs read (or write) permission on the target path. SELECT ... INTO OUTFILE also refuses to overwrite a file that already exists. Distribution packages of MySQL 5.7 and later typically default to /var/lib/mysql-files/, as in the following session.
https://www.cnblogs.com/missmzt/p/7676800.html
mysql> show global variables like '%secure%';
+--------------------------+-----------------------+
| Variable_name            | Value                 |
+--------------------------+-----------------------+
| require_secure_transport | OFF                   |
| secure_file_priv         | /var/lib/mysql-files/ |
+--------------------------+-----------------------+
2 rows in set (0.04 sec)
// Reading a file (only allowed under secure_file_priv = /var/lib/mysql-files/)
mysql> select load_file('/var/lib/mysql-files/1.php');
+-----------------------------------------+
| load_file('/var/lib/mysql-files/1.php') |
+-----------------------------------------+
| <?php
|phpinfo();
|?>
|
+-----------------------------------------+
1 row in set (0.00 sec)
// Writing a file (same restriction: the target must be under /var/lib/mysql-files/)
mysql> select '<?php phpinfo(); ?>' into outfile '/var/lib/mysql-files/2.php';
Query OK, 1 row affected (0.04 sec)
mysql> select load_file('/var/lib/mysql-files/2.php');
+-----------------------------------------+
| load_file('/var/lib/mysql-files/2.php') |
+-----------------------------------------+
| <?php phpinfo(); ?>
                                          |
+-----------------------------------------+
1 row in set (0.00 sec)
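To make the three cases concrete, here is an added example (my own code, not from this note and not MySQL's implementation) that models the secure_file_priv policy in Python: it parses the value out of the `show global variables` output shown above and decides whether a given LOAD_FILE()/INTO OUTFILE path would pass the directory check. The sample output is a constructed copy of the session above. The model follows the documented semantics only (NULL, empty, directory), collapses `..` and compares on a directory boundary, but it does not resolve symlinks, relative paths, or the FILE privilege, so it is a policy model rather than the server's code. `webshell_write_possible`, the `shell.php` file name and the `/var/www/html` web root are hypothetical names used for illustration.

```python
"""Model of MySQL's secure_file_priv policy.

Added example: not code from the page or from MySQL. It follows the
documented semantics only (NULL = disabled, '' = unrestricted,
directory = confined) and does not resolve symlinks or check the
FILE privilege, so treat it as a policy model, not the server's code.
"""
import posixpath
import re

# Constructed sample: the `show global variables like '%secure%'`
# output from the session on this page, in mysql CLI table form.
SAMPLE_SHOW_OUTPUT = """\
+--------------------------+-----------------------+
| Variable_name            | Value                 |
+--------------------------+-----------------------+
| require_secure_transport | OFF                   |
| secure_file_priv         | /var/lib/mysql-files/ |
+--------------------------+-----------------------+
"""

_ROW_RE = re.compile(r"^\|\s*secure_file_priv\s*\|\s*(.*?)\s*\|$")


def parse_secure_file_priv(show_output):
    """Pull secure_file_priv out of mysql CLI table output.

    Returns None when the server prints NULL (file I/O disabled),
    '' when the value is empty (unrestricted), else the directory.
    """
    for line in show_output.splitlines():
        m = _ROW_RE.match(line)
        if m:
            value = m.group(1)
            return None if value == "NULL" else value
    raise ValueError("secure_file_priv row not found")


def classify(secure_file_priv):
    """Map the variable to the three cases described in the note."""
    if secure_file_priv is None:
        return "disabled"      # LOAD DATA / INTO OUTFILE / LOAD_FILE all refused
    if secure_file_priv == "":
        return "unrestricted"  # any path the mysqld OS user can reach
    return "restricted"        # only paths under the directory


def file_priv_allows(secure_file_priv, path):
    """Would the secure_file_priv check accept `path` for read or write?

    Simplification (assumption of this model): MySQL resolves relative
    paths against the data directory; here only absolute paths pass.
    """
    if secure_file_priv is None:
        return False
    if secure_file_priv == "":
        return True
    if not posixpath.isabs(path):
        return False
    # normpath collapses "..", so /var/lib/mysql-files/../../www/x.php
    # becomes /var/www/x.php and is judged by where it really points.
    base = posixpath.normpath(secure_file_priv)
    prefix = base if base.endswith("/") else base + "/"
    target = posixpath.normpath(path)
    # Comparing against "base/" (not "base") stops a sibling such as
    # /var/lib/mysql-files-evil/ from passing as a prefix match.
    return target.startswith(prefix)


def webshell_write_possible(secure_file_priv, webroot):
    """Hypothetical helper: can INTO OUTFILE drop a file into the web root?

    With the packaged default the write lands in /var/lib/mysql-files/,
    which no web server serves, so the "write a shell" attack needs ''
    or a value that covers the web root (plus FILE and OS write access).
    """
    probe = posixpath.join(webroot, "shell.php")  # constructed file name
    return file_priv_allows(secure_file_priv, probe)


if __name__ == "__main__":
    priv = parse_secure_file_priv(SAMPLE_SHOW_OUTPUT)
    print("secure_file_priv =", priv, "->", classify(priv))
    for p in (
        "/var/lib/mysql-files/1.php",
        "/var/lib/mysql-files/../../www/html/s.php",
        "/var/lib/mysql-files-evil/s.php",
        "/var/www/html/s.php",
    ):
        print(f"{p}: {'allowed' if file_priv_allows(priv, p) else 'blocked'}")
    print("web shell via /var/www/html:", webshell_write_possible(priv, "/var/www/html"))
```

Run against the session above, only /var/lib/mysql-files/1.php is allowed; the traversal, the look-alike sibling directory and the web root are all blocked, which is why the write example on this page only succeeds inside /var/lib/mysql-files/. Changing the value to empty in my.cnf flips every path to allowed, and NULL flips every path to blocked.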
Writing a shell via SQL injection: https://blog.csdn.net/SKI_12/article/details/84921289