Home > Backend Development > PHP Tutorial > Mysql is injected with malicious code, how to prevent it from executing?

Mysql is injected with malicious code, how to prevent it from executing?

WBOY
Release: 2016-09-24 09:15:09
Original
1077 people have browsed it

There is a loophole in the database, that is, I have a table, and a piece of data is inserted every two seconds, but I cannot find where the SQL is executed. How can I find this?

-------------------------------Supplement------------------ -------
To be precise, for this vulnerability, as soon as I start mysql, it will always execute this statement. It's like it's bound to something.
Then I show processlist came out with something like this. I don’t know what’s going on

Mysql is injected with malicious code, how to prevent it from executing?

Then query the database, this is the result

Mysql is injected with malicious code, how to prevent it from executing?

The value of the parent_id field inserted by this sql statement is fixed. I don’t know how to get the content field.

————————————————Supplement————————————————

Thank you for your answers. The problem has been solved. I'm ready to run away.

Reply content:

There is a loophole in the database, that is, I have a table, and a piece of data is inserted every two seconds, but I cannot find where the SQL is executed. How can I find this?

-------------------------------Supplement------------------ -------
To be precise, for this vulnerability, as soon as I start mysql, it will always execute this statement. It's like it's bound to something.
Then I show processlist came out with something like this. I don’t know what’s going on

Mysql is injected with malicious code, how to prevent it from executing?

Then query the database, this is the result

Mysql is injected with malicious code, how to prevent it from executing?

The value of the parent_id field inserted by this sql statement is fixed. I don’t know how to get the content field.

————————————————Supplement————————————————

Thank you for your answers. The problem has been solved. I'm ready to run away.

Is your interface being timed by someone?=. =, search for the place where the insertion is performed in this table.

Look for it slowly, see which sql sentence it is, where it will be used, and the user ip linking to mysql

Check if there is something wrong in the planned task

Go through the mysqlbinlog log and record all insertion and update records

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template