Full Disclosure mailing list archives
Re: MySQL trick for SQL injection
From: Valdis.Kletnieks () vt edu
Date: Fri, 06 Nov 2009 11:37:28 -0500
On Fri, 06 Nov 2009 10:04:54 CST, Paul Schmehl said:
What privileges did the user who performed the select have? INTO OUTFILE is a dangerous routine (as you've clearly demonstrated), but that privilege must be specifically granted to a user before it's possible to execute it. No sensible administrator would grant the FILE privilege to a webserver application's database acccount.
Very true, but a good blackhat always keeps a good supply of ways to exploit common stupid administrator mistakes. I'd not be surprised in the least if more than 10% of the sites, some admin under time pressure to Just Fix It assigned FILE privs to get the web application back up and running.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MySQL trick for SQL injection Vladimir Vorontsov (Nov 06)
- Re: MySQL trick for SQL injection Paul Schmehl (Nov 06)
- Re: MySQL trick for SQL injection Valdis . Kletnieks (Nov 06)
- Re: MySQL trick for SQL injection Tim (Nov 06)
- Re: MySQL trick for SQL injection Paul Schmehl (Nov 06)
- Re: MySQL trick for SQL injection Valdis . Kletnieks (Nov 06)
- Re: MySQL trick for SQL injection Paul Schmehl (Nov 06)