Hello! On Thu, 7 Feb 2002, Jaan Sarv wrote:
> > "LOAD DATA $local INFILE '$filename' INTO TABLE $tbl FIELDS " > > . "TERMINATED BY '__THIS_NEVER_HAPPENS__' " > > . "ESCAPED BY '' " > > . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", > > If I understand correctly, you need FILE privileges on the MySQL server for > this exploit to function properly. So this seems like a misconfiguration > problem, not a security hole. No, you are not right. This is *php* problem because of keyword "LOCAL" in query. The files accessed locally (by locally installed php4-mysql module)! Best regards, Dmitry N. Hramtsov
