as the title states I don't understand the relation between permission to access a db and the permission to write/read files on the underlying OS.
In one of my latest CTF's I had to obtain access to a database and then read files of the server containing the flag. I know this is only possible if the compromised user has the file privilege, but my question remains the same.
Sqlmap states in its features it can accomplish this:
Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
Now my specific questions:
- What is the core feature/problem that allows this OS access?
- Why are the permission connected?
- Are other DBMS also vulnerable to this and is it a general problem (meaning sqlmap just doesn't provide the exploit for other dbms yet)?
In my eyes the permissions should be treated differently and the db user should not have permissions on the OS, except the files with relation to the DBMS.
Thanks in advance, I know the question is not limited to one aspect and contains various fundamental topics. I'm also willing to do more research, but maybe there is an answer that facilitates my learning process.