盒子
盒子

mysql load_file函数一些敏感路径

本文列举一些load_file会涉及的一些目录,不定时更新

当渗透测试过程中我们会遇到mysql用户的权限比较大,我们可以写文件,但是不知道网站路径。或者有权限执行load_file()函数。列举下可以读取的一些路径。
以下路径大部分参考sqlnuke中的配置文件
Linux系统

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
- /etc/passwd    
- /etc/shadow
- /etc/group
- /etc/hosts
- /etc/issue
- /etc/apache2/logs/access.log
- /etc/httpd/access.log
- /etc/init.d/apache/httpd.conf
- /etc/init.d/apache2/httpd.conf
- /usr/local/apache2/conf/httpd.conf
- /usr/local/apache/conf/httpd.conf
- /home/apache/httpd.conf
- /home/apache/conf/httpd.conf
- /opt/apache/conf/httpd.conf
- /etc/httpd/httpd.conf
- /etc/httpd/conf/httpd.conf
- /etc/apache/apache.conf
- /etc/apache/httpd.conf
- /etc/apache2/apache2.conf
- /etc/apache2/httpd.conf
- /usr/local/apache2/conf/httpd.conf
- /usr/local/apache/conf/httpd.conf
- /opt/apache/conf/httpd.conf
- /home/apache/httpd.conf
- /home/apache/conf/httpd.conf
- /etc/apache2/sites-available/default
- /etc/apache2/vhosts.d/default_vhost.include
- /var/www/vhosts/sitename/httpdocs//etc/init.d/apache
- /etc/nginx/nginx.conf

windows系统

1
2
3
4
5
6
- C:/wamp/bin/apache/logs/access.log    
- C:/wamp/bin/mysql/mysql5.5.24/wampserver.conf
- C:/wamp/bin/apache/apache2.2.22/conf/httpd.conf
- C:/wamp/bin/apache/apache2.2.22/conf/wampserver.conf
- C:/wamp/bin/apache/apache2.2.22/conf/httpd.conf.build
- C:/wamp/bin/apache/apache2.2.22/conf/httpd.conf.build