[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] User bypass privs for Mysql??

To: "Esler, Joel - Contractor" <joel.esler@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] User bypass privs for Mysql??
From: Ben Nelson <lists@xxxxxxxxxxxx>
Date: Tue, 18 May 2004 09:48:02 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What permissions DID you have prior to editing your grants.  How did you
edit the grant (i.e.  update user set Grant_priv = 'Y' where user =
'floobie' ).  What version of mysql?  Did you log in as yourself to edit
the grants, or as another user?  Also, you say you edited your 'Grant'
from N to Y and then you instantly had all privs?  Or did you edit you
Grant from N to Y and then go grant yourself all privs?

More information please.

- --Ben


Esler, Joel - Contractor wrote:
| Not having any grant permissions.  I went into the mysql/user table and
| edited the Grant from N to Y.  Logged out and logged back in, and I had
| full privs including Grant.  I shouldn't be able to do this...
|
| Joel
|
| _______________________________________________
| Full-Disclosure - We believe in it.
| Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAqjAy3cL8qXKvzcwRAioXAKDehUyxUG/0LAVSEkbceyakaDrJPgCg2D0K
18yk4tactzaEoZFlJb4YKnw=
=LvSo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] User bypass privs for Mysql??
  - From: Esler, Joel - Contractor

Prev by Date: RE: [Full-Disclosure] Agobot author is a pacifist?
Next by Date: Re: [Full-Disclosure] Buffer Overflow in ActivePerl ?
Previous by thread: [Full-Disclosure] User bypass privs for Mysql??
Next by thread: Re: [Full-Disclosure] User bypass privs for Mysql??
Index(es):
- Date
- Thread