MySQL HackTricks Verified
If the MySQL user has the FILE privilege and the secure_file_priv configuration allows it (or is empty), you can read arbitrary files from the server's disk using a standard SELECT statement.
The "HackTrick":
You don't need to load data into a table; you can load it directly into a result set using LOAD_FILE().
SELECT LOAD_FILE('/etc/passwd');
Why it's interesting:
Pre-requisite: User has FILE privilege (GRANT FILE ON *.*).
Verification:
SELECT grantee, privilege_type FROM information_schema.user_privileges WHERE privilege_type = 'FILE';
Requirement: MySQL running as root or with file_priv + write access to plugin_dir.
Step-by-step (verified on MySQL 5.x):
Note: In MySQL 8+, UDFs require manual function registration and stricter permissions.
When INTO OUTFILE is blocked, HackTricks guides professionals toward UDF exploitation. This is an advanced technique that involves loading a custom binary library into MySQL to execute system commands.
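A defender's audit of the conditions described above (FILE privilege, secure_file_priv, plugin_dir and registered UDFs), as an added example that is not part of the original page. The account name 'app_user'@'%' is a placeholder, and the queries assume an administrative session that can read the mysql schema.

```sql
-- 1. How far file operations reach on this server.
--    NULL  = import/export (including LOAD_FILE) disabled
--    ''    = no path restriction
--    other = limited to that directory
SELECT
  CASE
    WHEN @@global.secure_file_priv IS NULL THEN 'disabled'
    WHEN @@global.secure_file_priv = ''    THEN 'unrestricted'
    ELSE CONCAT('restricted to ', @@global.secure_file_priv)
  END                 AS file_scope,
  @@global.plugin_dir AS plugin_dir;

-- 2. Accounts that hold the global FILE privilege.
--    Application accounts should normally not appear here.
SELECT grantee, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type = 'FILE'
ORDER BY grantee;

-- 3. UDFs currently registered, with the shared library each one loads.
--    Compare against the list you expect; an unknown library name in
--    the dl column is worth investigating on disk under plugin_dir.
SELECT name, dl, type
FROM mysql.func
ORDER BY name;

-- 4. Remediation (placeholder account; review before running):
-- REVOKE FILE ON *.* FROM 'app_user'@'%';
--
-- secure_file_priv is read-only at runtime. Set it in the server
-- option file and restart, for example:
--   [mysqld]
--   secure_file_priv = NULL
```

On the host itself, also confirm that plugin_dir is not writable by the account the MySQL server runs as unless plugin installation requires it.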