HAR: Advanced MySQL Exploitation by Muhaimin Dzulfakar
August 13th, 2009
Nice way to upload files to a web server. While there is nothing new about uploading a file to a web server and then executing it, using SQL injection to do it is a novelty. By zlib-compressing and base64-encoding the payload and uploading it via SQL injection, the speaker would be able to bypass standard defenses like extension limiting and file type checking.
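Extension and file-type checks never see such a payload because it arrives inside a request parameter rather than as a file, so a defender has to look for the encoding itself. The following is an added detection sketch, not code from the talk; the function names, the 24-character threshold and the sample requests are assumptions constructed for illustration.

```python
import base64
import re
import struct
import zlib
from urllib.parse import parse_qsl, urlencode

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # minimum length is an assumption
MAX_OUT = 1 << 20  # cap inflated size so the check itself cannot be zip-bombed


def inflate(blob):
    """Return the decompressed bytes if blob holds a complete zlib stream, else None."""
    # Offset 0 is a bare zlib stream; offset 4 skips the 4-byte length
    # prefix that MySQL's COMPRESS() puts in front of the stream.
    for offset in (0, 4):
        try:
            d = zlib.decompressobj()
            out = d.decompress(blob[offset:], MAX_OUT)
        except zlib.error:
            continue
        if d.eof and out:
            return out
    return None


def find_encoded_payloads(query_string):
    """Return (parameter, decoded bytes) for values hiding base64-wrapped zlib data."""
    hits = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        for run in B64_RUN.findall(value):
            try:
                raw = base64.b64decode(run, validate=True)
            except ValueError:
                continue
            body = inflate(raw)
            if body is not None:
                hits.append((name, body))
    return hits


# Constructed sample data: a harmless text body, encoded both ways.
BODY = b"constructed sample file body\n" * 4
PLAIN = base64.b64encode(zlib.compress(BODY)).decode()
MYSQL = base64.b64encode(struct.pack("<I", len(BODY)) + zlib.compress(BODY)).decode()
SUSPECT = urlencode({"id": "1'" + PLAIN + "'", "ref": MYSQL})
BENIGN = urlencode({"q": "hello world", "token": base64.b64encode(b"A" * 30).decode()})

if __name__ == "__main__":
    print(find_encoded_payloads(SUSPECT))
```

Decoding and inflating each candidate keeps false positives low: an ordinary base64 token, like the one in `BENIGN`, decodes but does not form a valid zlib stream.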