文件名称:Local File Disclosure using SQL Injection
文件大小:1.32MB
文件格式:PDF
更新时间:2021-06-18 03:48:13
SQL Injectio
SQL Injection AKA mother of hacking is one of the notorious and well known vulnerability which has caused lots of damage to cyber world. Researchers has published lots of stuff on different-2 exploitation techniques for conducting various type of attacks including accessing data stored in database, reading/writing code from/to server using load and into outfile in MySQL, performing command execution using SA account in MSSQL. In this paper, we are going to exploit SQL Injection vulnerability in file download function which download file from server on the basis of output returned by vulnerable SQL query.