On Wed, March 23, 2016 10:21 pm, Always Learning wrote:
> mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using
> readline 5.1
>
>
> I spotted something strange and immediately installed a routine to
> automatically impose an iptables block when the key used for database
> access is excessively long.

Indeed. There are several flaws in how mysql handles data. This is why to the best of my ability I am trying to avoid mysql, and use postgresql if whatever chunk of software I need is designed to work also with postgresql. And I recommend developers I work with/for the same (to use postgresql). These are good examples:

https://www.youtube.com/watch?v=1PoFIohBSM4

I know, this may inflame [***]SQL wars here, but I hope, this will help somewhat those who are not married to mysql (yet).

Just my $0.02

Valeri

>
> My URL was something like this
>
> ...../...../.....php?key=123456
>
> The injection was something like this
>
> ...../...../.....php?key=876711111111111111111111111111' UNION SELECT
> 13,CONCAT([X],count(*),[X],13,13,13,13,13,13 FROM
> information_schema.TABLES WHERE `TABLE_NAME` LIKE "%wp_users%" -- /*
> order by 'as
>
> There are no user permission on information_schema.
>
> There seems to be 2 versions of the coding floating around on Austrian
> and Russian IPs. One is ineffective but the other works. It seems the
> author is expert in the intricate structure and design of SQL.
>
>
>
> --
> Regards,
>
> Paul.
> England, EU. England's place is in the European Union.
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
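
The quoted message describes a routine that blocks a client when the `key` parameter is excessively long. The following is an added example, not code from either poster: a log scanner that flags over-long or non-numeric `key` values and renders iptables rules for review. The log format, the `/app/page.php` path, the 10-digit limit, the sample lines and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

MAX_KEY_LEN = 10  # assumption: real keys are short digit runs like key=123456
KEY_RE = re.compile(r"[0-9]+")
# Combined log format: client IP, two fields, [timestamp], "METHOD target PROTO"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Constructed sample lines (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Mar/2016:22:01:07 +0000] "GET /app/page.php?key=123456 HTTP/1.1" 200 512',
    '203.0.113.7 - - [23/Mar/2016:22:02:41 +0000] "GET /app/page.php?key=876711111111111111111111111111%27%20UNION%20SELECT%2013 HTTP/1.1" 200 498',
    '198.51.100.4 - - [23/Mar/2016:22:03:15 +0000] "GET /app/page.php?key=12%27-- HTTP/1.1" 200 498',
]


def suspicious_key(target):
    """Return why a request target's key parameter is rejected, or None."""
    try:
        query = urlsplit(target).query
    except ValueError:
        return "unparseable target"
    # parse_qs percent-decodes, so encoded quotes and spaces are seen as such.
    for value in parse_qs(query, keep_blank_values=True).get("key", []):
        if len(value) > MAX_KEY_LEN:
            return "key too long"
        if not KEY_RE.fullmatch(value):
            return "key is not numeric"
    return None


def offenders(log_lines):
    """Map client IPv4 address -> first rejection reason seen for it."""
    found = {}
    for line in log_lines:
        m = LINE_RE.match(line)
        reason = suspicious_key(m.group(2)) if m else None
        if not reason:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            continue  # never place an unvalidated log field in a command
        found.setdefault(ip, reason)
    return found


def block_rules(found):
    """Render iptables commands as text for review; nothing is executed."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in sorted(found)]
```

The same length and digits-only check belongs in the PHP page itself, before the value reaches the query.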