Principle Analysis:
1. Triggers are supported from MySQL 5 onward. After a trigger is created, the TRG and TRN files are automatically generated in the /var/lib/mysql directory (on Linux).
For example, create the following trigger:
The t.TRG and t_trigger.TRN files are generated in the /var/lib/mysql directory as follows:
In the t.TRG file, you can see that the trigger is "bound" through DEFINER to the user who created it, and it runs with that user's permissions.
2. Using a MySQL user's FILE privilege (file read/write permission), write trigger TRG and TRN files directly and "bind" them to the default MySQL administrator, root@localhost. The trigger body is an SQL statement that raises the MySQL user's permissions.
3. Use the stack overflow vulnerability that was found to refresh the server configuration so that the trigger file is recognized and runs with root@localhost permission when the trigger executes, raising the MySQL user's permissions.
Preventive measures:
1. Because the privilege escalation can be exploited remotely, the administrator should disable MySQL remote management and only allow local users to connect.
2. Following the principle of least privilege, give connected users only the minimum permissions they need. Do not assign high-risk permissions such as ALL and FILE.
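A detection check that complements the measures above, as an added example that is not part of the original article: it walks the data directory, reads the definer recorded in each .TRG file, and reports triggers that run as root@localhost but are not in a baseline of approved triggers. The function names, the `approved` baseline and the sample file content are assumptions made for illustration; the sample follows the layout MySQL 5.x is assumed to use for .TRG files.

```python
import re
from pathlib import Path

# Definers that should only appear on triggers the DBA created on purpose.
PRIVILEGED = {"root@localhost"}

DEFINERS_RE = re.compile(r"^definers=(.*)$", re.MULTILINE)
QUOTED_RE = re.compile(r"'((?:[^'\\]|\\.)*)'")


def trg_definers(text):
    """Return the definer accounts listed in the text of one .TRG file."""
    m = DEFINERS_RE.search(text)
    return QUOTED_RE.findall(m.group(1)) if m else []


def audit_datadir(datadir, approved=frozenset()):
    """Flag .TRG files whose definer is privileged but not in the baseline.

    approved holds (database, table) pairs of triggers known to be legitimate.
    """
    findings = []
    for trg in sorted(Path(datadir).glob("*/*.TRG")):
        key = (trg.parent.name, trg.stem)
        definers = trg_definers(trg.read_text(errors="replace"))
        hits = sorted(set(definers) & PRIVILEGED)
        if hits and key not in approved:
            findings.append((key[0], key[1], hits))
    return findings


# Constructed sample of a .TRG file with a harmless trigger body.
SAMPLE_TRG = (
    "TYPE=TRIGGERS\n"
    "triggers='CREATE DEFINER=`root`@`localhost` TRIGGER t_trigger "
    "AFTER INSERT ON t FOR EACH ROW SET @a = 1'\n"
    "sql_modes=0\n"
    "definers='root@localhost'\n"
)

if __name__ == "__main__":
    import sys
    datadir = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/mysql"
    for db, table, hits in audit_datadir(datadir):
        print(f"{db}.{table}: trigger runs as {', '.join(hits)}")
```

Run it as a user that can read the data directory and compare the output with the triggers the DBA team actually created; anything unexpected deserves a look at the file's owner and creation time.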
The following is some of the key code of the exploit. The tested version, 5.5, is affected: