| Feature / Area | Requirement | Capability Unlocked | Risk | Notes |
|---|---|---|---|---|
| DB Enumeration | Any login | Discover DBs, tables, version | ✔ | First recon: WHERE and WHAT |
| Privileges & Grants | SELECT on mysql.* or CURRENT | See what current user can do | ✔ | Shows RCE potential (FILE/SUPER) |
| File Import/Export | secure_file_priv path, FILE | Read/write files via INFILE/OUTFILE | ❌ | Data exfil, webshell drop |
| local_infile Uploads | local_infile=ON | Client-side file uploads | ❌ | Can be abused depending on context |
| INTO OUTFILE Webshell | FILE privilege + webroot path | Direct RCE via PHP/webshell | ❌ | Classic SQLi→RCE chain |
| UDF Exploitation (Win) | FILE + plugin_dir write | Load malicious DLL, OS command execution | ❌ | Persistent, powerful RCE |
| UDF Exploitation (Linux) | FILE + plugin_dir write | Load .so and call sys_eval() | ❌ | Often leads to root privesc |