O'Reilly logo

Mastering Modern Web Penetration Testing by Prakhar Prasad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Reading and writing files

DBMS systems these days provide many facilities, one of which includes the ability to read and write files from the file system. In a classic web application architecture, such as the one depicted as follows, the database server and web server are meant to be run on separate boxes, but there are instances when both are run on the same box and share the same underlying file system. If there is an SQL injection and sufficient conditions (DB privileges, file permissions) are met then we can even upload a backdoor shell or read/download server configurations or files whose locations are generally predefined:

Reading and writing files

A simple web application ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required