Reading and writing files
Modern DBMSs provide many facilities, one of which is the ability to read and write files on the file system. In a classic web application architecture, such as the one depicted as follows, the database server and the web server are meant to run on separate boxes, but there are instances when both run on the same box and share the same underlying file system. If there is an SQL injection and sufficient conditions (DB privileges, file permissions) are met, then we can even upload a backdoor shell or read/download server configurations or other files whose locations are generally predefined.
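The conditions named above can be checked from the defender's side before an injection ever reaches them. The following is an added example, not code from the book: it assumes MySQL (the page names no DBMS), where file access depends on the global `FILE` privilege and the `secure_file_priv` setting. The account names, paths and function names are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed SHOW GRANTS output for two hypothetical application accounts.
SAMPLE_GRANTS = {
    "webapp@localhost": ["GRANT SELECT, INSERT, UPDATE, FILE ON *.* TO `webapp`@`localhost`"],
    "report@10.0.0.5": ["GRANT SELECT ON `shop`.* TO `report`@`10.0.0.5`"],
}

def has_file_privilege(grants):
    """True if a global (*.*) grant carries FILE or ALL PRIVILEGES."""
    for grant in grants:
        m = re.match(r"GRANT (.+?) ON \*\.\* TO ", grant, re.I)
        if not m:
            continue  # FILE is a global privilege; schema-level grants cannot carry it
        privs = {p.strip().upper() for p in m.group(1).split(",")}
        if privs & {"FILE", "ALL PRIVILEGES"}:
            return True
    return False

def file_scope(secure_file_priv):
    """NULL disables file import/export, '' leaves it unrestricted, a path confines it."""
    if secure_file_priv is None:
        return "disabled"
    return "unrestricted" if secure_file_priv == "" else "restricted"

def audit(grants_by_account, secure_file_priv, webroot, same_host):
    """Return (account, scope, severity) for each account able to touch files."""
    findings = []
    scope = file_scope(secure_file_priv)
    for account, grants in grants_by_account.items():
        if scope == "disabled" or not has_file_privilege(grants):
            continue
        if scope == "unrestricted":
            # Any path the DB server's OS user can reach; worst when the web
            # server shares the same box and file system.
            severity = "high" if same_host else "medium"
        else:
            allowed, root = PurePosixPath(secure_file_priv), PurePosixPath(webroot)
            in_webroot = allowed == root or root in allowed.parents
            severity = "high" if (in_webroot and same_host) else "low"
        findings.append((account, scope, severity))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS, "", "/var/www/html", same_host=True):
        print(finding)
```

The privilege and setting are only half of the picture: the operating-system permissions of the account the database server runs under decide which of those paths are actually readable or writable.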