In this case we are going to take advantage of a sql injection error to be able to “jump” to other vulnerabilities.

For this we have to have write permissions and know the path where the server is mounted, they can do it with an @@datadir, in this case I have the path on the error screen.

#sql #sql injection #rce

Jumping from SQL injection to RCE
1.40 GEEK