hola, This should work on most systems. If it does not work, you should try to find a more priviledged user-account. 1) Create a new table "name" with one huge character or text field; 2) Insert your favourite string .. INSERT INTO name VALUES("whatever you want"); 3) Select above into file .. SELECT * FROM name INTO OUTFILE '/dir/file.ext'; if you have a web-server running on the same machine it should be possible to create a server-side script (asp,php,ssi oO.) for your intention. if this specific account is not allowed to use "INTO OUTFILE" try to escalate the privs. rc securityat_private http://www.freefly.com/security/ >Hi everybody. >I need to demonstrate not only the capability to drop databases and >modify >data, but to execute system commands and/or get files not accesable >via >web-server. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 18:36:49 PDT