> "LOAD DATA $local INFILE '$filename' INTO TABLE $tbl FIELDS " > . "TERMINATED BY '__THIS_NEVER_HAPPENS__' " > . "ESCAPED BY '' " > . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", If I understand correctly, you need FILE privileges on the MySQL server for this exploit to function properly. So this seems like a misconfiguration problem, not a security hole. Jaan