Re: Abusing? MySQL 3.23.28-gamma

From: rudi carell (rudicarellat_private)
Date: Tue Sep 25 2001 - 08:40:17 PDT

    hola,
    
    This should work on most systems.
    If it does not work, you should try to find a more privileged user-account.
    
    1) Create a new table "name" with one huge character or text field;
    
    2) Insert your favourite string .. INSERT INTO name VALUES("whatever you want");
    
    3) Select above into file .. SELECT * FROM name INTO OUTFILE '/dir/file.ext';
    
    If you have a web-server running on the same machine, it should be possible
    to create a server-side script (asp, php, ssi oO.) for your intention.
    
    If this specific account is not allowed to use "INTO OUTFILE", try to
    escalate the privs.
    
    
    rc
    
    securityat_private
    http://www.freefly.com/security/
    
    
    >Hi everybody.
    >I need to demonstrate not only the capability to drop databases and modify
    >data, but to execute system commands and/or get files not accessible via
    >web-server.
    
    This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 18:36:49 PDT
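
For defenders reviewing a database host for the file-write pattern described in the message above, the following is an added example (not part of the original post) that scans query-log lines for `INTO OUTFILE` / `INTO DUMPFILE` and rates the target path. The web-root list, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumptions: adjust both to the host being monitored.
WEB_ROOTS = ("/var/www", "/srv/http", "/usr/local/apache/htdocs")
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".jsp", ".shtml", ".cgi", ".pl"}

# INTO OUTFILE / INTO DUMPFILE followed by a single- or double-quoted path.
OUTFILE_RE = re.compile(
    r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])(?P<path>(?:\\.|(?!\2).)*)\2",
    re.IGNORECASE,
)

def classify(path):
    """Rate a write target: web root + script extension is the worst case."""
    norm = posixpath.normpath(path)  # collapses /tmp/../var/www tricks
    in_web = any(norm == r or norm.startswith(r + "/") for r in WEB_ROOTS)
    is_script = posixpath.splitext(norm)[1].lower() in SCRIPT_EXTS
    if in_web and is_script:
        return "high"
    if in_web or is_script:
        return "medium"
    return "low"

def scan(lines):
    """Return (line_no, keyword, path, severity) for every file-write clause."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for m in OUTFILE_RE.finditer(line):
            path = m.group("path")
            findings.append((line_no, m.group(1).upper(), path, classify(path)))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "12 Query SELECT * FROM name INTO OUTFILE '/dir/file.ext'",
    "12 Query SELECT * FROM name",
    '14 Query select body from name into outfile "/tmp/../var/www/html/x.php"',
    "15 Query SELECT * FROM report INTO OUTFILE '/var/lib/mysql-files/report.csv'",
    "16 Query SELECT body FROM name INTO DUMPFILE '/var/www/html/notes.txt'",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The underlying controls are the MySQL `FILE` privilege, which `INTO OUTFILE` requires, and on current MySQL versions the `secure_file_priv` setting, which restricts where such files can be written.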