I have access to a MySQL database on which the current user has the FILE privilege. I want to upload a web shell, but I do not know the root directory of the web server.

Is it possible to somehow locate the root directory using a SQL query?

    1 Answer

    If you have permissions to write files, you probably have permission to read them, too.

    I'd start by reading web server configuration files, e.g.

    SELECT LOAD_FILE('/etc/apache2/apache2.conf');
    SELECT LOAD_FILE('/etc/nginx/nginx.conf');

    However, it's not guaranteed that MySQL has permission to write to the document root.

    • Figured out that the system was running on Alpine Linux, and the web server configuration is located at "/opt/apache2/apache2.conf". Thanks! (Commented Aug 29, 2020 at 9:48)
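
From the database owner's side, the file access discussed in this thread depends on which accounts hold the global FILE privilege and on what `secure_file_priv` permits. The audit below is an added example, not part of the original question or answer; the account `'webapp'@'localhost'` is a hypothetical name, and the statements are meant to be run from an administrative account.

```sql
-- Added example: audit and restrict server-side file access in MySQL.
-- 'webapp'@'localhost' is a hypothetical application account.

-- 1. List every account that holds the global FILE privilege.
SELECT grantee
FROM information_schema.user_privileges
WHERE privilege_type = 'FILE';

-- 2. Check where LOAD_FILE(), LOAD DATA INFILE and SELECT ... INTO OUTFILE
--    are allowed to operate:
--      ''    (empty)  no directory restriction; only the OS permissions
--                     of the mysqld account apply
--      path           only files under that directory
--      NULL           import and export operations are disabled
SELECT @@GLOBAL.secure_file_priv AS secure_file_priv;

-- 3. Remove FILE from accounts that do not need it. Application accounts
--    that only run queries against their own schema rarely do.
REVOKE FILE ON *.* FROM 'webapp'@'localhost';

-- 4. Confirm the privilege is gone.
SHOW GRANTS FOR 'webapp'@'localhost';

-- secure_file_priv is read-only at runtime. To change it, set it in the
-- [mysqld] section of the server option file and restart the server.
```

Independently of these settings, the operating-system account that runs mysqld should have no write access to the web server's document root, which is the limit the answer points out.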
