Security Basics mailing list archives
RE: System Hacked From MySQL Insecurities
From: "Saint Anthony" <saintpatrick () xasamail com>
Date: Fri, 7 Jan 2005 05:13:28 +0100
It is entirely possible to hack your system via MySQL. MySQL runs with root or system permissions? Can we get a CMD from a well-crafted query? Not to mention that many people reuse passwords, not that you do. It's a world of possibilities.

-Anthony Towry
Student

-----Original Message-----
From: Kalpin Erlangga Silaen [mailto:kalpin () solonet co id]
Sent: Wednesday, January 05, 2005 7:03 PM
To: security-basics () lists securityfocus com
Subject: System Hacked from MySQL Insecurities

Dear all,

several days ago, someone hacked my test box using the latest FreeBSD. He explained that he rooted my box because he knows my root mysql password.

Is it possible to hack a system via MySQL? Or did he just trick me and try to hide his way?

I am using MySQL 4.0.18 for FreeBSD.

My system details:
OS: FreeBSD 5.1
MySQL version: 4.0.18
Port: 3306

I opened port 3306 from the Internet, so people can use this if they have access/username to MySQL.

Thank you.

--
---
Kalpin Erlangga Silaen
mailto: kalpin () solonet co id
URL: http://www.warningnews.com
YM: kalpinus
MSN: kalpinus
IRC: mesra.dal.net nick Kalpin

http://www.xasamail.com/
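An added example, not part of the original thread or written by either poster: a small audit of a my.cnf for the two conditions the messages above raise, the server running with root permissions and port 3306 being reachable from the Internet. The sample configuration and the function names are constructed for illustration; `user`, `bind-address`, `skip-networking` and `port` are real mysqld options.

```python
# Added example: audit the [mysqld] group of a my.cnf for the exposure
# discussed in this thread. SAMPLE_CNF is constructed, not the poster's file.
SAMPLE_CNF = """\
[client]
port = 3306

[mysqld]
port = 3306
user = root
datadir = /var/db/mysql
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_mysqld(text):
    """Return the [mysqld] options as a dict; valueless flags map to ''."""
    opts, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # blank, comment, !include
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group != "mysqld":
            continue
        key, _, value = line.partition("=")
        # MySQL accepts '-' and '_' interchangeably in option names
        opts[key.strip().lower().replace("_", "-")] = value.strip()
    return opts

def audit(text):
    """Return a list of findings for the server section of a my.cnf."""
    opts = parse_mysqld(text)
    findings = []
    if opts.get("user", "").lower() == "root":
        findings.append("mysqld runs as root: use a dedicated unprivileged account")
    bind = opts.get("bind-address")
    if "skip-networking" not in opts and bind not in LOOPBACK:
        port = opts.get("port", "3306")
        findings.append(f"TCP port {port} is reachable beyond loopback: "
                        "set bind-address or skip-networking, or firewall it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CNF):
        print("FINDING:", finding)
```

A clean result from this check says nothing about account passwords or grants, which need to be reviewed separately.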