RDot


d0znpp 24.02.2013 01:58

Exploiting MySQL I/O without FILE_PRIV
 
Code:

LOAD DATA LOCAL
http://dev.mysql.com/doc/refman/5.5/...ata-local.html

Quote:

To deal with these problems, we changed how LOAD DATA LOCAL is handled as of MySQL 3.23.49 and MySQL 4.0.2 (4.0.13 on Windows):

By default, all MySQL clients and libraries in binary distributions are compiled with the -DENABLED_LOCAL_INFILE=1 option, to be compatible with MySQL 3.23.48 and before.

If you build MySQL from source but do not invoke CMake with the -DENABLED_LOCAL_INFILE=1 option, LOAD DATA LOCAL cannot be used by any client unless it is written explicitly to invoke mysql_options(... MYSQL_OPT_LOCAL_INFILE, 0). See Section 22.8.3.49, “mysql_options()”.

You can disable all LOAD DATA LOCAL statements from the server side by starting mysqld with the --local-infile=0 option.

For the mysql command-line client, enable LOAD DATA LOCAL by specifying the --local-infile[=1] option, or disable it with the --local-infile=0 option. For mysqlimport, local data file loading is off by default; enable it with the --local or -L option. In any case, successful use of a local load operation requires that the server permits it.

If you use LOAD DATA LOCAL in Perl scripts or other programs that read the [client] group from option files, you can add the local-infile=1 option to that group. However, to keep this from causing problems for programs that do not understand local-infile, specify it using the loose- prefix:

[client]
loose-local-infile=1

If LOAD DATA LOCAL is disabled, either in the server or the client, a client that attempts to issue such a statement receives the following error message:

ERROR 1148: The used command is not allowed with this MySQL version
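
Added example, not part of the original thread and not MySQL's own code: a Python check that reads a MySQL option file and reports which groups switch local-infile on, including the loose- prefix form from the manual excerpt above. The function names and the sample file are constructed for illustration; the check assumes that a bare option means enabled and that - and _ are interchangeable in the option name.

```python
import re

# local-infile / local_infile, with the optional loose- prefix described in
# the manual excerpt, and an optional "=value" part.
_OPT = re.compile(r"^(?:loose[-_])?local[-_]infile\s*(?:=\s*(\S+))?$", re.I)
_ON = {"1", "on", "true"}
_OFF = {"0", "off", "false"}

def audit_local_infile(option_file_text):
    """Return {group: bool} for every group that sets local-infile.
    True means LOAD DATA LOCAL is enabled for programs reading that group.
    The last occurrence inside a group wins."""
    state, group = {}, None
    for raw in option_file_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        m = _OPT.match(line)
        if m and group:
            value = (m.group(1) or "1").lower()  # bare option means enabled
            if value in _ON:
                state[group] = True
            elif value in _OFF:
                state[group] = False
    return state

def enabled_groups(option_file_text):
    """Groups to review: local-infile is switched on there."""
    return sorted(g for g, on in audit_local_infile(option_file_text).items() if on)

# Constructed sample option file (not taken from the thread).
SAMPLE = """\
[client]
loose-local-infile=1      # the form shown in the manual excerpt
[mysqld]
local-infile=0
[mysql]
local_infile
"""

if __name__ == "__main__":
    for grp in enabled_groups(SAMPLE):
        print(f"[{grp}] enables LOAD DATA LOCAL; set local-infile=0 unless required")
```

Run it against the option files on the application server as well as the database server, since the client side is where the file is read.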

SynQ 24.02.2013 10:06

https://rdot.org/forum/showthread.php?t=741

d0znpp 24.02.2013 13:39

)%)))

d0znpp 24.02.2013 15:06

The point is that here the file is taken from the client. That is, in a two-server setup, with a DB server and an application server, this way you will put a file from the application server into a DB table, whereas load_file would have read a file from the DB server.

d0znpp 24.02.2013 19:17

This really is a well-known fact, which for some reason is not described much.
That is, the section "6.1.6. Security Issues with LOAD DATA LOCAL" states it in black and white.
What a strange horror :)

Beched 08.08.2019 13:42

Moved down from lvl2

