Hacktricks | Mysql

-- All databases SELECT schema_name FROM information_schema.schemata;

-- Remove dangerous UDFs DROP FUNCTION IF EXISTS sys_exec; DROP FUNCTION IF EXISTS sys_eval; mysql hacktricks

-- Find writable directories SHOW VARIABLES LIKE 'secure_file_priv'; -- NULL = no file ops, "" = any dir SHOW VARIABLES LIKE 'datadir'; SHOW VARIABLES LIKE 'plugin_dir'; -- All databases SELECT schema_name FROM information_schema

-- Disable local_infile SET GLOBAL local_infile = 0; DROP FUNCTION IF EXISTS sys_eval

-- Version & OS SELECT version(); SELECT @@version_comment; SELECT @@hostname; -- Current user & privileges SELECT user(); SELECT current_user(); SELECT grantee, privilege_type FROM information_schema.user_privileges;

-- Check for dangerous functions SELECT * FROM mysql.func; -- user-defined functions (UDF) 👑 UDF (User Defined Functions) – SYSTEM shell If secure_file_priv allows writes to plugin dir: