October 2nd, 2013, 08:36 AM
-
Arbitrary shell commands via MySQL?
Is it possible for someone that knows the MYSQL password of a server to run arbitrary code on a linux server?
Okey he uses the password and he gain access to the databases, then what? MySQL is a database server how can he run run arbitrary shell commands by using MySQL?
If yes, can you give an example please?
I ask because in accidentaly posted my mysql passowrd of my server and someone have manages to upload a file in my '~/www/
October 2nd, 2013, 12:59 PM
-
It is not. Are you using that password anywhere else? Perhaps posting the password just brought attention to your server and someone found a vulnerability?
October 2nd, 2013, 01:09 PM
-
Yes i have posted a myslq passowrd and perhaps the atatcker used the same password for login too.
Some other guy told me that arbitrary shell comamnds can be run via mysql server.
October 2nd, 2013, 01:13 PM
-
Hi,
MySQL can write files, and this can be used to create scripts (on a poorly configured server). Tools like sqlmap are actually made for gaining shell access through MySQL.
October 2nd, 2013, 02:01 PM
-
Exploits aside,
http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-whitepaper-4633857
For example if
1. Your user has FILE permission
2. The database runs on the same server as your web host
3. You have a SQL injection exploit or the database allows remote access
then yes they can create and execute files. #2 isn't a requirement either but it's trickier without.
October 2nd, 2013, 02:30 PM
-
For example if
1. Your user has FILE permission
2. The database runs on the same server as your web host
3. You have a SQL injection exploit or the database allows remote access
then yes they can create and execute files. #2 isn't a requirement either but it's trickier without.
1. Most non-DBA's often create superusers to use in their websites (so MySQL never complains that you don't have the rights to do something)
2. Most VPSses do that (why get two servers if one will do)
3. I think you know how bad some people are at writing safe code :-)
And if the poor soul who setup MySQL is running it under root, well...
So yes, it's much more likely to be a serious threat than you might think when looking at the prerequisites.
Comments on this post