Identify database user privileges and perform RCE [DB: MySQL, Level: Advanced]

This lab demonstrates how to extract information from the database such as user privileges, user permissions, etc. using a MySQL function. It also shows how to read and write files on the file system and, perform remote code execution on the vulnerable instance.

Lab: Data extraction using MySQL functions.

Database: MySQL

Technique Used: Union query.

Limitations: None

Video Demonstration

Download full PDF Challenge

Back to challenges