Ori

You can do it by dropping it somewhere: SELECT ... INTO OUTFILE for instance. (http://dev.mysql.com/doc/refman/5.0/en/select-into.html)

After which point, you could overwrite a field by using load_file() which returns a file as a single string and populating a known field in a single row that is read and displayed by the application.

(e.g.: "UPDATE Accounts SET bio=load_file('/etc/passwd') WHERE UserName='prettypinkponi3s';")

You could even skip that step, and use an update directly in the original injection. And that's sorta the point.

If you are injecting blind, you can take advantage of the application's lack of input validation from the database to the rendering language. And you've gotta find some values that will allow you to hold the data you're trying to exfil. (Profile pictures, bios, description fields etc etc.)
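As an added detection example (not part of Ori's answer): a small Python scanner that flags the two MySQL file primitives named above, load_file() and SELECT ... INTO OUTFILE, in general_log entries. The log lines, thread ids and account name are constructed, and the log layout approximates the MySQL text general_log format.

```python
import re

# The two MySQL file primitives discussed in the answer. Both need the FILE
# privilege and are restricted by secure_file_priv, so a hit coming from the
# web application's own account is worth an alert.
FILE_PRIMITIVES = {
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "into_outfile": re.compile(r"\binto\s+(?:outfile|dumpfile)\b", re.I),
}

def flag_file_access(query):
    """Return the names of file primitives present in one SQL statement."""
    return [name for name, rx in FILE_PRIMITIVES.items() if rx.search(query)]

# Approximate MySQL general_log text layout: "<time>\t<thread_id> <command>\t<argument>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<tid>\d+)\s+(?P<cmd>Query|Execute)\t(?P<sql>.*)$"
)

def scan_general_log(lines):
    """Yield (timestamp, thread_id, hits, sql) for every statement touching the filesystem."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # connects, quits and unparsable lines are skipped
        hits = flag_file_access(m["sql"])
        if hits:
            yield m["ts"], m["tid"], hits, m["sql"]

# Constructed sample log (not from a real system). Thread 12 is normal
# application traffic; thread 13 shows the two patterns from the answer.
SAMPLE_LOG = [
    "2024-01-01T10:00:00.000001Z\t12 Query\tSELECT bio FROM Accounts WHERE UserName='alice'",
    "2024-01-01T10:00:01.000001Z\t12 Query\tUPDATE Accounts SET bio='hello' WHERE UserName='alice'",
    "2024-01-01T10:00:02.000001Z\t13 Query\tUPDATE Accounts SET bio=LOAD_FILE('/etc/passwd') WHERE UserName='alice'",
    "2024-01-01T10:00:03.000001Z\t13 Query\tSELECT * FROM Accounts INTO OUTFILE '/tmp/a.txt'",
    "2024-01-01T10:00:04.000001Z\t14 Connect\twebapp@localhost on shop",
]

if __name__ == "__main__":
    for ts, tid, hits, sql in scan_general_log(SAMPLE_LOG):
        print(f"{ts} thread={tid} {','.join(hits)}: {sql}")
```

Pair the alert with the preventive checks: SHOW GRANTS for the application account should not include FILE, and secure_file_priv should be set rather than empty.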