SQL injection | writing files with MySQL | reading files

secure-file-priv in newer MySQL versions: the secure-file-priv parameter restricts the directory that LOAD DATA, SELECT … OUTFILE and LOAD_FILE() may read from or write to.

When the value of secure_file_priv is NULL, mysqld is not permitted to import or export files at all.

When the value of secure_file_priv is /tmp/, mysqld may only import or export files within the /tmp/ directory.

When secure_file_priv is set to an empty value, no restriction is placed on mysqld's import or export.
https://www.cnblogs.com/missmzt/p/7676800.html

mysql> show global variables like '%secure%';
+--------------------------+-----------------------+
| Variable_name            | Value                 |
+--------------------------+-----------------------+
| require_secure_transport | OFF                   |
| secure_file_priv         | /var/lib/mysql-files/ |
+--------------------------+-----------------------+
2 rows in set (0.04 sec)
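As an added example (not part of the original post), the following Python audit script parses the `show global variables like '%secure%'` table shown above and classifies the secure_file_priv setting according to the three cases described: NULL (import/export disabled), a directory (confined), or empty (unrestricted). The first sample is the page's own client output; the NULL and empty-value samples, and all function and constant names, are constructed for this example.

```python
"""Audit MySQL's secure_file_priv from `show global variables` output.

Added example, not code from the original post. It parses the ASCII table the
mysql client prints for `show global variables like '%secure%'` and reports
whether LOAD_FILE() and SELECT ... INTO OUTFILE are disabled, confined to a
single directory, or unrestricted. PAGE_OUTPUT is the output quoted on the
page; NULL_OUTPUT and EMPTY_OUTPUT are constructed to show the other cases.
"""

# Output as quoted on the page: export confined to one directory.
PAGE_OUTPUT = """\
+--------------------------+-----------------------+
| Variable_name            | Value                 |
+--------------------------+-----------------------+
| require_secure_transport | OFF                   |
| secure_file_priv         | /var/lib/mysql-files/ |
+--------------------------+-----------------------+
2 rows in set (0.04 sec)
"""

# Constructed sample: the mysql client prints SQL NULL as the literal word NULL.
NULL_OUTPUT = """\
+--------------------------+-------+
| Variable_name            | Value |
+--------------------------+-------+
| require_secure_transport | OFF   |
| secure_file_priv         | NULL  |
+--------------------------+-------+
"""

# Constructed sample: an empty string prints as an empty cell, i.e. no restriction.
EMPTY_OUTPUT = """\
+--------------------------+-------+
| Variable_name            | Value |
+--------------------------+-------+
| require_secure_transport | OFF   |
| secure_file_priv         |       |
+--------------------------+-------+
"""


def parse_variables_table(text):
    """Return {Variable_name: Value} from the client's box-drawn table."""
    rows = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # skip +----+ borders and the "N rows in set" trailer
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 2 or cells[0] == "Variable_name":
            continue  # skip the header row
        rows[cells[0]] = cells[1]
    return rows


def classify_secure_file_priv(value):
    """Map the raw setting to a (level, explanation) pair.

    NULL   -> import/export disabled entirely (strongest setting)
    <dir>  -> import/export confined to that directory
    ''     -> no restriction: any path the mysqld OS user can reach
    """
    if value is None or value.upper() == "NULL":
        return ("ok", "secure_file_priv is NULL: LOAD_FILE()/INTO OUTFILE are disabled")
    if value == "":
        return ("weak", "secure_file_priv is empty: file import/export is unrestricted")
    return ("restricted", "import/export confined to %s" % value)


def audit(text):
    """Parse one client output and classify its secure_file_priv row."""
    rows = parse_variables_table(text)
    if "secure_file_priv" not in rows:
        return ("unknown", "secure_file_priv not present in output")
    return classify_secure_file_priv(rows["secure_file_priv"])


if __name__ == "__main__":
    for name, sample in (("page", PAGE_OUTPUT), ("null", NULL_OUTPUT), ("empty", EMPTY_OUTPUT)):
        level, why = audit(sample)
        print("%-5s %-10s %s" % (name, level, why))
```

Run it against saved client output; the empty value is the configuration to flag, because LOAD_FILE() and INTO OUTFILE can then reach any path the mysqld OS user can. Pair this check with a review of which accounts hold the FILE privilege, which these statements also require.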

// read a file (reading only) [ secure_file_priv | /var/lib/mysql-files/ ]
mysql> select load_file('/var/lib/mysql-files/1.php') ;
+------------------------------------------------------------------------------------------------------------------------------------+
| load_file('/var/lib/mysql-files/1.php')                                                                                            |
+------------------------------------------------------------------------------------------------------------------------------------+
| <?php
|phpinfo();
|?>
|
+------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)


// write a file
mysql> select '' into outfile '/var/lib/mysql-files/2.php';
Query OK, 1 row affected (0.04 sec)

mysql> select load_file('/var/lib/mysql-files/2.php') ;
+-----------------------------------------+
| load_file('/var/lib/mysql-files/2.php') |
+-----------------------------------------+
| <php? phpinfo(); ?>                     |
|                                         |
+-----------------------------------------+
1 row in set (0.00 sec)

Writing a shell via SQL injection: https://blog.csdn.net/SKI_12/article/details/84921289
