Root Access Through a User-installed MySQL Backdoor
Did you know that you can gain root shell access (or system level access on Windows) through quirks in the load_file feature of MySQL? Hopefully you've locked down your system to prevent that.
February 7, 2007
You might be one the countless people who use MySQL on your network. After all, it's a great open source database platform. As with any network service, you shouldn't use it without locking it down to at least some extent because it can be used for nefarious purposes.
For example, did you know that someone can gain root shell access (or system level access on Windows) through quirks in the load_file feature if a user takes advantage of it in a certain way? There's some code for Linux and Windows that does exactly that unless you taken precautions against it. Go to this site and look for the raptor_udf* files.
If you need to secure your MySQL installation then read the paper over at NGS Software, "Hackingproofing MySQL" for some good insight and a decent lockdown checklist.
About the Author
You May Also Like