Wednesday, 28 March 2012

Howto: SQL Injection Using MySQL LOAD_FILE() and INTO OUTFILE()


For the full article, please go to the Source.

MySQL LOAD_FILE() reads the file and returns the file contents as a string. 

SYNTAX: LOAD_FILE(file_name) /* file_name is the name of the file, including its path. */

Oh wait?! Path? Yes, you read that right! In that case an attacker could possibly perform a directory traversal, just like in a Local File Inclusion (LFI) attack.
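
From the defender's side, here is an added example (not part of the original post): a small Python scanner that flags LOAD_FILE( and INTO OUTFILE/DUMPFILE in web request lines after undoing URL encoding and SQL comments. The log lines, the placeholder paths and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL inline comments (/* ... */) may sit between a keyword and what follows it.
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_PATTERNS = {
    "LOAD_FILE": re.compile(r"\bload_file\s*\(", re.I),
    "INTO OUTFILE/DUMPFILE": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
}

def normalise(raw):
    """URL-decode (bounded, to cover double encoding), drop SQL comments, squeeze whitespace."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = _COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text)

def flag_request(line):
    """Return the names of the file-access constructs seen in one request line."""
    norm = normalise(line)
    return [name for name, pat in _PATTERNS.items() if pat.search(norm)]

def scan(lines):
    """Return (line_number, hits) for every line with at least one hit."""
    findings = []
    for number, line in enumerate(lines, 1):
        hits = flag_request(line)
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample access-log request lines (placeholder paths, not real data).
SAMPLE_LOG = [
    "GET /item.php?id=7 HTTP/1.1",
    "GET /docs/load_file_howto.html HTTP/1.1",  # benign: no function call
    "GET /item.php?id=7+UNION+SELECT+LOAD_FILE(%27/placeholder/path%27) HTTP/1.1",
    "GET /item.php?id=7%2520union%2520select%2520Load_File%2520(%2527/placeholder/path%2527) HTTP/1.1",
    "GET /item.php?id=7+union+select+1+into/**/outfile+%27/placeholder/out%27 HTTP/1.1",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

A hit is a lead for review, not proof of compromise; LOAD_FILE() only succeeds when the database account holds the FILE privilege and the server's secure_file_priv setting permits the path.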

Suppose we found
