MySQL allows users to load custom libraries ( .dll on Windows, .so on Linux) to create custom functions. If you have write access to the MySQL plugin directory (or can find a writable directory), you can compile a malicious library that allows you to execute system commands. Tamilyogi 2007 Better Online
You don't need to load data into a table; you can load it directly into a result set using LOAD_FILE() . Hot College Girls Lesbians Kissing On Webcam Official
Based on the verified methodology, one of the most "interesting" (and often overlooked) features is the ability to read and write files to the underlying operating system using standard SQL queries , which effectively turns the database into a file system browser or a reverse shell generator.
Here are the two most interesting facets of this feature: If the MySQL user has the FILE privilege and the secure_file_priv configuration allows it (or is empty), you can read arbitrary files from the server's disk using a standard SELECT statement.