Hi all,
I’m working through the SQL Injection Fundamentals, and at the section entitled “Writing Files”.
As per the documentation on the page, I’ve been able to confirm the database is root, has ‘FILE’ privileges and that the ‘secure_file_prive’ is blank (NOT Null!).
However, when I trying to upload the payload of cn’ union select “”,‘<?php system($_REQUEST[0]); ?>’, “”, “” into outfile ‘/var/www/html/shell.php’ I get an error of “Can’t create/write to file ‘/var/www/html/shell.php’ (Errcode: 13 “Permission denied”)”.
Has anyone had this issue. Not entirely sure where I’m going wrong. The only thing I can think of is if root (I’ve confirmed we’re running MariaDB as root) doesn’t have access to that folder…
Any help would be appreciated. Many thanks, all.