
HAR: Advanced MySQL Exploitation by Muhaimin Dzulfakar

Nice way to upload files to a web server. While there is nothing new about uploading a file to a web server and then executing it, using SQL injection to do it is a novelty. By using a zlib-compressed, base64-encoded payload and uploading it via SQL injection, the speaker would be able to bypass standard defenses like extension limiting and file type checking.

Unfortunately his demonstration turned into a demonstruction: even though he managed to upload the file, the payload did not execute. The payload did, however, execute when he visited the uploaded PHP file himself, clearly demonstrating that the exploit technique works.

The exploit works on WAMP platforms (Windows, Apache, MySQL, PHP) and may work on LAMP platforms (Linux, Apache, MySQL, PHP), but there it requires that the user can upload to anywhere in the document root and that the file is then executable, both of which are classic examples of configuration mistakes.
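A defender-side check for the LAMP precondition described above, as an added example that is not from the talk or the original post: it walks a document root and reports the directories where the database service account could create files according to the classic mode bits. The uid/gid values and directory names are constructed for the demo, and POSIX ACLs and SELinux/AppArmor policy are not evaluated.

```python
import os
import stat
import tempfile


def can_write_dir(st, uid, gids):
    """Return True if the mode bits let (uid, gids) create files in a directory.

    Creating a file needs write and search (execute) permission on the
    directory. ACLs and MAC policies (SELinux, AppArmor) are not consulted.
    """
    if uid == 0:
        return True
    if st.st_uid == uid:
        w, x = stat.S_IWUSR, stat.S_IXUSR
    elif st.st_gid in gids:
        w, x = stat.S_IWGRP, stat.S_IXGRP
    else:
        w, x = stat.S_IWOTH, stat.S_IXOTH
    return bool(st.st_mode & w) and bool(st.st_mode & x)


def audit_docroot(docroot, uid, gids):
    """List directories under docroot where the given account could drop a file."""
    findings = []
    for dirpath, _dirnames, _files in os.walk(docroot):
        if can_write_dir(os.stat(dirpath), uid, gids):
            findings.append(os.path.relpath(dirpath, docroot))
    return sorted(findings)


def demo():
    """Build a constructed docroot and audit it for a constructed DB account."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("static", 0o755), ("uploads", 0o777), ("cache", 0o770)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod explicitly: mkdir's mode is masked by umask
        os.chmod(root, 0o755)
        db_uid, db_gids = 61234, {61234}  # constructed ids, assumed unused on this host
        return audit_docroot(root, db_uid, db_gids)


if __name__ == "__main__":
    for d in demo():
        print("database account can write to:", d)
```

On a real host, pass the web server's document root and the uid and group ids of the account the database server runs as; any directory reported is one where the precondition from the talk holds.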
