Created
April 5, 2014 08:50
-
-
Save sellvana/9989227 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Abstract: if there's ''@'localhost' user, can login with any username without password, | |
| -- and any users @'%' will be ignored on login. | |
| -------[Root connection]------- | |
| -- All mysql installations I've seen so far have ''@'localhost' user record. | |
| mysql> select host, user from mysql.user; | |
| +-----------+--------+ | |
| | host | user | | |
| +-----------+--------+ | |
| | 127.0.0.1 | root | | |
| | ::1 | root | | |
| | localhost | | | |
| | localhost | root | | |
| +-----------+--------+ | |
| 4 rows in set (0.00 sec) | |
| -------[Another connection]------- | |
| -- This allows login with ANY username without password from localhost! | |
| $ mysql -u myuser -p | |
| Enter password: | |
| Welcome to the MySQL monitor. Commands end with ; or \g. | |
| Your MySQL connection id is 11222 | |
| Server version: 5.6.16 MySQL Community Server (GPL) | |
| mysql> quit | |
| Bye | |
| -- Or even without username at all | |
| $ mysql -u '' -p | |
| Enter password: | |
| Welcome to the MySQL monitor. Commands end with ; or \g. | |
| Your MySQL connection id is 11223 | |
| Server version: 5.6.16 MySQL Community Server (GPL) | |
| mysql> quit | |
| Bye | |
| -------[Root connection]------- | |
| -- Let's create a user @'%' | |
| mysql> grant all on mydb.* to 'myuser'@'%' identified by '123123'; | |
| Query OK, 0 rows affected (0.00 sec) | |
| mysql> flush privileges; | |
| Query OK, 0 rows affected (0.00 sec) | |
| -------[Another connection]------- | |
| -- This user is ignored | |
| $ mysql -u myuser -p | |
| Enter password: 123123 | |
| ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using password: YES) | |
| -------[Root connection]------- | |
| -- Let's remove the empty user record | |
| mysql> drop user ''@'localhost'; | |
| Query OK, 0 rows affected (0.00 sec) | |
| mysql> flush privileges; | |
| Query OK, 0 rows affected (0.00 sec) | |
| -- And make sure that we're ok | |
| mysql> select Host, User from mysql.user; | |
| +-----------+------+ | |
| | Host | User | | |
| +-----------+------+ | |
| | 127.0.0.1 | root | | |
| | ::1 | root | | |
| | localhost | root | | |
| +-----------+------+ | |
| 3 rows in set (0.00 sec) | |
| -------[Another connection]------- | |
| -- Able to login with the correct user! | |
| $ mysql -u myuser -p | |
| Enter password: 123123 | |
| Welcome to the MySQL monitor. Commands end with ; or \g. | |
| Your MySQL connection id is 11228 | |
| Server version: 5.6.16 MySQL Community Server (GPL) | |
| -- And check the permissions | |
| mysql> show databases; | |
| +--------------------+ | |
| | Database | | |
| +--------------------+ | |
| | information_schema | | |
| | mydb | | |
| | test | | |
| +--------------------+ | |
| 3 rows in set (0.00 sec) | |
| mysql> quit | |
| Bye | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment