2

I am trying to find security flaws in a MySQL page. It is an assignment for a class learning about SQL. Through a textbox, they will be given access to a database to submit queries and see if it returns the correct data sets. I want to find out if there's anything malicious they could do.

This is the result of a SHOW GRANTS query:

Grants for user@localhost
GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'the password'
GRANT SELECT ON `server\_dir`.* TO 'user'@'localhost'
GRANT SELECT ON `server\_dir\_ans`.* TO 'user'@'localhost'

Can someone explain what these GRANT statements mean? What is *.* and GRANT USAGE? What else can I do to this site to break it?

The site itself is written in PHP.

In response to The Rook, when I execute:

UPDATE mysql.user set Password = password("hacked");
FLUSH PRIVILEGES;

I get back:

Error Number: 1142. UPDATE command denied to user 'user'@'localhost' for table 'user'
Error Number: 1227. Access denied; you need the RELOAD privilege for this operation

As I thought, it appears that the user lacks permissions necessary to do this. Or am I misunderstanding something?

OMG Ponies
Nick Heiner
  • USAGE is limited; I was mistaken, I thought it could modify all databases and tables, my bad. Despite these privileges you still must be careful about how queries are built. SQL injection and "insecure direct object reference" are still problems that you face. – rook Mar 01 '10 at 19:21

1 Answer

4

*.* means all tables on all databases.

The flaws in security will happen more in the PHP than in the MySQL; see this Wikipedia article for common issues: SQL Injection.

GRANT USAGE means no privileges.

Segfault
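As an added example (not part of the answer or the site's own code), this Python script parses SHOW GRANTS output in the format quoted in the question and reports any grant that goes beyond read-only access. The regex covers only that line format, and the `RISKY` line is constructed for contrast.

```python
import re

# SHOW GRANTS line format as quoted in the question (MySQL 5.x style).
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<db>`[^`]*`|\*)\.(?P<tbl>`[^`]*`|\*)"
    r"\s+TO\s+(?P<grantee>\S+)(?P<rest>.*)$",
    re.IGNORECASE,
)
READ_ONLY = {"USAGE", "SELECT"}  # all a query-practice account should hold


def parse_grant(line):
    """Return a dict describing one SHOW GRANTS line, or None if it is not one."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None
    # SHOW GRANTS escapes "_" and "%" in database names: both are wildcards there.
    db = m.group("db").strip("`").replace("\\_", "_").replace("\\%", "%")
    return {
        "privileges": {p.strip().upper() for p in m.group("privs").split(",")},
        "database": db,
        "table": m.group("tbl").strip("`"),
        "grant_option": "WITH GRANT OPTION" in m.group("rest").upper(),
    }


def audit(lines):
    """Return findings for every grant that exceeds read-only access."""
    findings = []
    for g in filter(None, map(parse_grant, lines)):
        scope = f'{g["database"]}.{g["table"]}'
        extra = g["privileges"] - READ_ONLY
        if extra:
            findings.append(f"{scope}: write/admin privileges {sorted(extra)}")
        # USAGE ON *.* carries no privileges; anything else on *.* is global.
        if g["database"] == "*" and g["privileges"] != {"USAGE"}:
            findings.append(f"{scope}: privileges apply to every database")
        if g["grant_option"]:
            findings.append(f"{scope}: WITH GRANT OPTION can pass privileges on")
    return findings


# The three grants from the question (password placeholder as posted).
PAGE_GRANTS = [
    "GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'the password'",
    "GRANT SELECT ON `server\\_dir`.* TO 'user'@'localhost'",
    "GRANT SELECT ON `server\\_dir\\_ans`.* TO 'user'@'localhost'",
]
# Constructed over-privileged line, not from the page.
RISKY = ["GRANT SELECT, UPDATE ON *.* TO 'user'@'localhost' WITH GRANT OPTION"]
```

`audit(PAGE_GRANTS)` returns an empty list, matching the answer's reading that the account holds only SELECT on two databases, while `audit(RISKY)` returns three findings.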