Works if MySQL has write access to target directory and log file is not in use.
The HackTricks MySQL Pentesting Guide provides a comprehensive methodology for identifying, enumerating, and exploiting MySQL services. The following sections detail the core techniques for interacting with MySQL as part of a security assessment. 1. External Enumeration & Connection mysql hacktricks verified
SET GLOBAL init_file = '/tmp/evil.sql';
-- Read SSH keys (if MySQL running as root — rare but possible) SELECT LOAD_FILE('/root/.ssh/id_rsa'); Works if MySQL has write access to target