I have access to MySQL database which the current user has FILE privilege. I want to upload a web shell but I do not know the root directory of the web server.
Is it possible to somehow locate the root directory using a SQL query?
Asked
Active
Viewed 758 times
1 Answers
0
If you have permissions to write files, you probably have permission to read them, too.
I'd start from reading web server configuration files, e.g.
SELECT * LOAD_FILE('/etc/apache2/apache2.conf');
SELECT * LOAD_FILE('/etc/nginx/nginx.conf');
However, it's not guaranteed that the MySQL has permissions to write to the document root.
Esa Jokinen
- 16,100
- 5
- 50
- 55
-
Figured out that the system was running on Alpine Linux, the web server configuration is located at "/opt/apache2/apache2.conf". Thanks! – maximillian1 Aug 29 '20 at 09:48