Similarly, the can be abused if general_log is not available. The only requirement is that the attacker can change global variables (needs SUPER or SYSTEM_VARIABLES_ADMIN privilege). This technique is extremely effective on MySQL 8.0+ where secure_file_priv = NULL is the default.
Before exploiting, you must fingerprint the environment. Use these verified queries to understand your target.
(Note: 0x3a is the hex representation of a colon (:), used as a delimiter.)

4. File System Interactivity
Last verified against: MySQL 8.0.36, MariaDB 10.11.6, Percona Server 8.0.
SELECT 'evil' INTO OUTFILE '/tmp/mysql_exploit.txt';