RDot: White Hat Security Community


d0znpp 24.02.2013 02:58

Exploiting MySQL IO without FILE_PRIV



To deal with these problems, we changed how LOAD DATA LOCAL is handled as of MySQL 3.23.49 and MySQL 4.0.2 (4.0.13 on Windows):

By default, all MySQL clients and libraries in binary distributions are compiled with the -DENABLED_LOCAL_INFILE=1 option, to be compatible with MySQL 3.23.48 and before.

If you build MySQL from source but do not invoke CMake with the -DENABLED_LOCAL_INFILE=1 option, LOAD DATA LOCAL cannot be used by any client unless it is written explicitly to invoke mysql_options(... MYSQL_OPT_LOCAL_INFILE, 0). See Section, “mysql_options()”.

You can disable all LOAD DATA LOCAL statements from the server side by starting mysqld with the --local-infile=0 option.

For the mysql command-line client, enable LOAD DATA LOCAL by specifying the --local-infile[=1] option, or disable it with the --local-infile=0 option. For mysqlimport, local data file loading is off by default; enable it with the --local or -L option. In any case, successful use of a local load operation requires that the server permits it.

If you use LOAD DATA LOCAL in Perl scripts or other programs that read the [client] group from option files, you can add the local-infile=1 option to that group. However, to keep this from causing problems for programs that do not understand local-infile, specify it using the loose- prefix:

If LOAD DATA LOCAL is disabled, either in the server or the client, a client that attempts to issue such a statement receives the following error message:

ERROR 1148: The used command is not allowed with this MySQL version
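
An added example, not part of the original post or the MySQL manual: a Python check that reads option-file text and reports, per group, whether local-infile is switched on, accepting the loose- prefix from the quoted text. The sample file and the function names are constructed for illustration; treating `_` and `-` as interchangeable and accepting ON/OFF/TRUE/FALSE follows general MySQL option syntax.

```python
import re

# Constructed sample option file (illustrative, not from the thread).
SAMPLE_CNF = """\
[client]
loose-local-infile=1   # app-server side

[mysqld]
local_infile = 0

[mysqldump]
quick
"""

ON, OFF = {"1", "on", "true"}, {"0", "off", "false"}

def audit_local_infile(text):
    """Map each option group that sets local-infile to True (on) or False (off)."""
    settings, group = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        name, sep, value = (part.strip().lower() for part in line.partition("="))
        name = name.replace("_", "-")            # MySQL treats _ and - alike
        if name.startswith("loose-"):            # prefix from the quoted manual text
            name = name[len("loose-"):]
        if group is None or name != "local-infile":
            continue
        if not sep:                              # bare option means enabled
            settings[group] = True
        elif value in ON | OFF:
            settings[group] = value in ON
        else:
            raise ValueError(f"[{group}] unrecognised local-infile value: {value!r}")
    return settings  # a later line in the same group overrides an earlier one

def groups_allowing_local(text):
    """Sorted names of the groups in which local-infile is enabled."""
    return sorted(g for g, on in audit_local_infile(text).items() if on)

if __name__ == "__main__":
    for grp, on in audit_local_infile(SAMPLE_CNF).items():
        print(f"[{grp}] local-infile = {'ON' if on else 'OFF'}")
```
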

SynQ 24.02.2013 11:06


d0znpp 24.02.2013 14:39


d0znpp 24.02.2013 16:06

The point is that here the file is taken from the client. That is, in a two-server setup, with a DB server and an application server, you would this way put a file from the application server into a DB table, whereas load_file would read a file from the DB server.

d0znpp 24.02.2013 20:17

This really is a well-known fact that for some reason is not described much.
That is, section "6.1.6. Security Issues with LOAD DATA LOCAL" states it in black and white.
What a strange horror :)

Beched 08.08.2019 12:42

Moved down from lvl2
