帮助查找此 MySQL 页面中的安全漏洞?
我正在尝试查找 MySQL 页面中的安全漏洞。这是学习 SQL 的班级作业。通过文本框,他们将有权访问数据库以提交查询并查看它是否返回正确的数据集。我想知道他们是否可以做任何恶意的事情。
这是 SHOW GRANTS
查询的结果:
Grants for user@localhost
GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'the password'
GRANT SELECT ON `server\_dir`.* TO 'user'@'localhost'
GRANT SELECT ON `server\_dir\_ans`.* TO 'user'@'localhost'
有人能解释一下这些 GRANT
语句的含义吗?什么是*.*
和GRANT USAGE
?我还能对这个网站做些什么来破坏它?
该网站本身是用 PHP 编写的。
作为对 The Rook 的回应,当我执行:
UPDATE mysql.user set Password = password("hacked");
FLUSH PRIVILEGES;
我得到:
Error Number: 1142. UPDATE command denied to user 'user'@'localhost' for table 'user'
Error Number: 1227. Access denied; you need the RELOAD privilege for this operation
正如我所想,用户似乎缺乏执行此操作所需的权限。或者我误解了什么?
I am trying to find security flaws in a MySQL page. It is an assignment for a class learning about SQL. Through a textbox, they will be given access to a database to submit queries and see if it returns the correct data sets. I want to find out if there's anything malicious they could do.
This is the result of a SHOW GRANTS
query:
Grants for user@localhost
GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'the password'
GRANT SELECT ON `server\_dir`.* TO 'user'@'localhost'
GRANT SELECT ON `server\_dir\_ans`.* TO 'user'@'localhost'
Can someone explain what these GRANT
statements mean? What is *.*
and GRANT USAGE
? What else can I do to this site to break it?
The site itself is written in PHP.
In response to The Rook, when I execute:
UPDATE mysql.user set Password = password("hacked");
FLUSH PRIVILEGES;
I get back:
Error Number: 1142. UPDATE command denied to user 'user'@'localhost' for table 'user'
Error Number: 1227. Access denied; you need the RELOAD privilege for this operation
As I thought, it appears that the user lacks permissions necessary to do this. Or am I misunderstanding something?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
*.*
表示所有数据库上的所有表。安全缺陷在 php 中比在 msyql 中更常见,请参阅此 Wikipedia 文章了解常见问题:SQL注射。
GRANT USAGE
表示没有权限。*.*
means all tables on all databases.The flaws in security will happen more in the php than in the msyql, see this Wikipedia article for common issues: SQL Injection.
GRANT USAGE
means no privileges.