Full Disclosure mailing list archives
Re: User bypass privs for Mysql??
From: Ben Nelson <lists () venom600 org>
Date: Tue, 18 May 2004 09:48:02 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What permissions DID you have prior to editing your grants. How did you edit the grant (i.e. update user set Grant_priv = 'Y' where user = 'floobie' ). What version of mysql? Did you log in as yourself to edit the grants, or as another user? Also, you say you edited your 'Grant' from N to Y and then you instantly had all privs? Or did you edit you Grant from N to Y and then go grant yourself all privs? More information please. - --Ben Esler, Joel - Contractor wrote: | Not having any grant permissions. I went into the mysql/user table and | edited the Grant from N to Y. Logged out and logged back in, and I had | full privs including Grant. I shouldn't be able to do this... | | Joel | | _______________________________________________ | Full-Disclosure - We believe in it. | Charter: http://lists.netsys.com/full-disclosure-charter.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqjAy3cL8qXKvzcwRAioXAKDehUyxUG/0LAVSEkbceyakaDrJPgCg2D0K 18yk4tactzaEoZFlJb4YKnw= =LvSo -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- User bypass privs for Mysql?? Esler, Joel - Contractor (May 18)
- Re: User bypass privs for Mysql?? James Bliss (May 18)
- Re: User bypass privs for Mysql?? Ben Nelson (May 18)
- RE: User bypass privs for Mysql?? Remko Lodder (May 18)
- Re: User bypass privs for Mysql?? Michael Gargiullo (May 18)
- <Possible follow-ups>
- RE: User bypass privs for Mysql?? Esler, Joel - Contractor (May 18)
- Re: User bypass privs for Mysql?? Maarten (May 18)
- Re: User bypass privs for Mysql?? Ben Nelson (May 18)
- RE: User bypass privs for Mysql?? Esler, Joel - Contractor (May 18)
- Re[2]: User bypass privs for Mysql?? npguy (May 18)