| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: remko at elvandar.org (Remko Lodder) Subject: User bypass privs for Mysql?? Hey Joel, Comments inline... -----Oorspronkelijk bericht----- Verzonden: dinsdag 18 mei 2004 16:02 Aan: full-disclosure@...ts.netsys.com Onderwerp: [Full-Disclosure] User bypass privs for Mysql?? J> Not having any grant permissions. I went into the mysql/user table and J> edited the Grant from N to Y. Logged out and logged back in, and I had J> full privs including Grant. I shouldn't be able to do this... That sounds really nice, but when i try to login with a non grant user, with no rights on the db mysql i cannot even use that db. So what i suspect is that you have Update permissions on the table. Can you verify that you have those? If so, i personally think that the situation then is explained. You can alter the information in there, so you can alter your permissions, relogin and have grant options.. What do you say? :-) Cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene mrtg.grunn.org Dutch mirror of MRTG _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists