So today I was reading up on some SQL injection techniques, and came across one that I had not seen before. I found out that it is possible to use a UNION SELECT with the built-in MYSQL LOAD_FILE function, to read the contents of any file on the system. This only works if the user has been granted permission to use the LOAD_FILE function, and of course MYSQL DAEMON must have permission to read the file. Also, I found out that the LOAD_FILE function can read use with HEX decimal characters.

Example Injection:

This will return the contents of the /etc/passwd on a linux machine.

I also came across a handy perl script today that will encode a given string into HEX.

Perl HEX converter:

Note: There is a underscore between LOAD and FILE.

print "Enter string to encode:";
$str=<STDIN>;chomp $str;

$enc = encode($str); print "Hex Encoded value: 0x$enc\n";

sub encode{ #Sub to encode
my $sqlstr =$subvar[0];

@ASCII = unpack("C*", $sqlstr);
foreach $line (@ASCII) {

$encoded = sprintf('%lx',$line);
$encoded_command .= $encoded;

return $encoded_command;