On Fri, 06 Nov 2009 10:04:54 CST, Paul Schmehl said: > What privileges did the user who performed the select have? > > INTO OUTFILE is a dangerous routine (as you've clearly demonstrated), but > that > privilege must be specifically granted to a user before it's possible to > execute it. No sensible administrator would grant the FILE privilege to a > webserver application's database acccount. Very true, but a good blackhat always keeps a good supply of ways to exploit common stupid administrator mistakes. I'd not be surprised in the least if more than 10% of the sites, some admin under time pressure to Just Fix It assigned FILE privs to get the web application back up and running.
Attachment:
pgp0ZVZR522GV.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/