|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 45
Members: 0
Total: 45
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Elevating SQL Priviledges [edit] |
|
Posted: Sat Aug 01, 2009 12:56 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
So I find myself frequently getting SQL access on some particular sites, and the problem is that the sites themselves aren't particulating too titillating. That is to say, little good stuff if you know what I mean.
So is there any way to go about attempting to elevate my priviledges so that I might be able to dabble around in other sites that are hosted on the server? Nothing in particular, and if the answer is a resounding 'no', then that'd be fine too. Just wondering.
Waraxe, got any tricks up your sleeve?
[edit] forgot to mention that I work mostly with MySQL servers, and do try to read other databases and mysql.users but most of the time its blocked.
Anyway, thanks. |
|
|
|
|
Posted: Sun Aug 02, 2009 1:47 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Aug 02, 2009 3:33 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
If you got mysql access and if it's shared hosting, then usually you can't access mysql.user table and do not have FILE privileges for INTO OUTFILE and LOAD_FILE(). There is no direct escalation vectors in current mysql versions that I am aware of. So concentrate your efforts against web application, that is using mysql. Admin privileges in web apps can often lead to php execution level. One more thing to try is mysql root password bruteforce and/or wordlist attack. |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|