Reading and writing files
Modern DBMSs provide many facilities, one of which is the ability to read and write files on the file system. In a classic web application architecture, such as the one depicted below, the database server and web server are meant to run on separate boxes, but there are instances when both run on the same box and share the same underlying file system. If there is an SQL injection and the necessary conditions (DB privileges, file permissions) are met, then we can even upload a backdoor shell or read/download server configurations or files whose locations are generally predefined.
Checking privileges
Using a similar error-based example, let us first check whether the database user has FILE privileges. To do this, we'll use the --privileges switch in SQLMap as follows:
./sqlmap.py -u "http://192.168.50.2/Less-1/?id=2" --privileges
The output is shown in the following...
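The same check can be run from the defender's side when auditing database accounts. The following is an added example, not code from the original text: it assumes a MySQL server (where FILE is a global privilege and the secure_file_priv variable limits file import/export), and the account names and grant lines are constructed sample data.

```python
import re

# Privilege list and scope of one line of MySQL SHOW GRANTS output.
GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s", re.I)

def has_file_privilege(grant_lines):
    """True if a grant gives FILE, directly or through ALL PRIVILEGES on *.*."""
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or m.group("scope") != "*.*":
            continue  # FILE is a global privilege: it only exists at *.* scope
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        if privs & {"FILE", "ALL PRIVILEGES", "ALL"}:
            return True
    return False

def file_io_exposure(grant_lines, secure_file_priv):
    """Classify server-side file I/O exposure for one account.

    secure_file_priv: None for NULL, "" when unset, or a directory path.
    """
    if not has_file_privilege(grant_lines):
        return "none"          # account cannot use LOAD_FILE / INTO OUTFILE
    if secure_file_priv is None:
        return "disabled"      # NULL: import and export operations are off
    if secure_file_priv == "":
        return "unrestricted"  # empty: only OS file permissions apply
    return "restricted:" + secure_file_priv

# Constructed SHOW GRANTS output for three hypothetical accounts.
SAMPLE_GRANTS = {
    "webapp": ["GRANT SELECT, INSERT, FILE ON *.* TO `webapp`@`%`"],
    "report": ["GRANT USAGE ON *.* TO `report`@`%`",
               "GRANT ALL PRIVILEGES ON `shop`.* TO `report`@`%`"],
    "admin": ["GRANT ALL PRIVILEGES ON *.* TO `admin`@`localhost` WITH GRANT OPTION"],
}

if __name__ == "__main__":
    # Report each account against an unset secure_file_priv (worst case).
    for account, grants in SAMPLE_GRANTS.items():
        print(account, file_io_exposure(grants, ""))
```

An application account that reports anything other than "none" is a candidate for having FILE revoked, since the web application rarely needs server-side file access.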