Challenge 6: Identify database user privileges and perform RCE [DB: MySQL, Level: Advanced]

This lab demonstrates how to extract information from the database such as user privileges, user permissions, etc. using a MySQL function. It also shows how to read and write files on the file system and, perform remote code execution on the vulnerable instance.

Lab: Data extraction using MySQL functions.
Database: MySQL
Technique Used: Union query
Limitations: None

Video Demonstration



Documentation

 

More Challenges in SQL Injection Lab