The Database Hacker's Handbook: Defending Database Servers by Bill Grindlay, John Heasman, Chris Anley, David Litchfield

Hacking MySQL

This section covers the following:

  • SQL injection in MySQL
  • Known MySQL bugs
  • Trojanning MySQL
  • Dangerous extensions: MyLUA and MyPHP

SQL Injection in MySQL

SQL injection is probably the most worrying attack on a MySQL system because it's the most probable initial attack vector on an Internet-connected server. Using SQL injection, it is possible to use the database server as a beachhead into the internal network — or at least, the network that the MySQL server is in — and as a platform for launching further attacks.

Frequently, applications inadvertently allow the execution of arbitrary queries in their database backends, by neglecting to vet incoming data. The problem occurs when an application creates a string that holds a SQL query, and includes user-supplied data in that string without applying any input validation.

Imagine a login form where the user supplies a username and password. This data is passed to a database query directly, so if the user inputs the username fred and the password sesame into the form, the SQL query looks like this:

select * from tblUsers where username = 'fred' and password = 'sesame'

In this example, the problems occur when the user specifies a string with a single quote in it. The user can submit a username like this:

fred'#

which will result in the SQL query string

select * from tblUsers where username = 'fred'#' and password = 'sesame'

which of course will log the user on as fred without knowing fred's password, because the database ...
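To make the mechanism concrete, here is an added example (not code from the book) that puts the vulnerable string concatenation beside the parameterised form a defender should use instead. The application functions, the MySQL-style "%s" placeholders (the DB-API convention used by drivers such as PyMySQL and mysql-connector-python) and the simplified model of how MySQL discards a "#" comment are all assumptions for illustration.

```python
"""Vulnerable vs. parameterised construction of the handbook's login query.

Added example, not from the book. The application code is hypothetical; the
parameterised form follows the DB-API 2.0 convention used by MySQL drivers
such as PyMySQL and mysql-connector-python (``%s`` placeholders).
"""

# Constructed sample inputs: the honest login and the book's fred'# bypass.
HONEST = ("fred", "sesame")
BYPASS = ("fred'#", "sesame")


def build_query_vulnerable(username: str, password: str) -> str:
    """Builds the SQL by string concatenation, exactly as the vulnerable
    application in the text does. User data becomes part of the SQL grammar."""
    return ("select * from tblUsers where username = '" + username
            + "' and password = '" + password + "'")


def build_query_safe(username: str, password: str):
    """Returns (sql, params) for cursor.execute(sql, params). The SQL text is a
    fixed template; the driver sends the values separately (or escapes them),
    so a quote or '#' inside the username is only ever compared as data."""
    sql = "select * from tblUsers where username = %s and password = %s"
    return sql, (username, password)


def effective_sql_mysql(query: str) -> str:
    """Simplified model of how MySQL reads a query containing a '#' comment:
    everything from the first '#' outside a quoted string to the end of the
    line is dropped. Backslash escapes are ignored in this model."""
    out, in_quote = [], False
    for ch in query:
        if ch == "'":
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            break
        out.append(ch)
    return "".join(out).rstrip()


if __name__ == "__main__":
    q = build_query_vulnerable(*BYPASS)
    print("sent to server  :", q)
    print("server evaluates:", effective_sql_mysql(q))
    sql, params = build_query_safe(*BYPASS)
    print("parameterised   :", sql, params)
```

Run stand-alone, the script prints the book's injected query, the truncated query the server actually evaluates (the password clause is gone), and the parameterised template whose SQL text never contains the user-supplied quote or hash.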
