来源:/analyzer/articles/1045072.html
首先要声明一下:一般情况下,修改MySQL密码,授权,是需要有mysql里的root权限的。
注:本操作是在WIN命令提示符下,phpMyAdmin同样适用。
用户:phplamp用户数据库:phplampDB
1.新建用户。
//登录MYSQL
@>mysql-uroot-p
@>密码
//创建用户
mysql>insertintomysql.user(Host,User,Password)values("localhost","phplamp",password("1234"));
//刷新系统权限表
mysql>flushprivileges;
这样就创建了一个名为:phplamp密码为:1234的用户。
然后登录一下。
mysql>exit;
@>mysql-uphplamp-p
@>输入密码
mysql>登录成功
2.为用户授权。
//登录MYSQL(有ROOT权限)。我里我以ROOT身份登录.
@>mysql-uroot-p
@>密码
//首先为用户创建一个数据库(phplampDB)
mysql>createdatabasephplampDB;
//授权phplamp用户拥有phplamp数据库的所有权限。
>grantallprivilegesonphplampDB.*tophplamp@localhostidentifiedby'1234';
//刷新系统权限表
mysql>flushprivileges;
mysql>其它操作
/*
如果想指定部分权限给一用户,可以这样来写:
mysql>grantselect,updateonphplampDB.*tophplamp@localhostidentifiedby'1234';
//刷新系统权限表。
mysql>flushprivileges;
*/
3.删除用户。
@>mysql-uroot-p
@>密码
mysql>DELETEFROMuserWHEREUser="phplamp"andHost="localhost";
mysql>flushprivileges;
//删除用户的数据库
mysql>dropdatabasephplampDB;
4.修改指定用户密码。
@>mysql-uroot-p
@>密码
mysql>updatemysql.usersetpassword=password('新密码')whereUser="phplamp"andHost="localhost";
mysql>flushprivileges;
误解:
在做 dvwa 的 SQL 入侵演练时,通过如下 grant 语句后依然没有权限,以至于以为 grant 语句失效。
先新建一个用户,用户名和密码都是 gqltt
@>mysql -u root
mysql>grant all privileges on dvwa.* to gqltt@localhost identified by 'gqltt' with grant option;
mysql>flush privileges;
如下表明 grant 已经成功:
mysql> select * from mysql.user where user='gqltt' \G;*************************** 1. row ***************************Host: localhostUser: gqlttPassword: *1A1A4491309AD204398CD4AA6FD550C1799D3403Select_priv: NInsert_priv: NUpdate_priv: NDelete_priv: NCreate_priv: NDrop_priv: NReload_priv: NShutdown_priv: NProcess_priv: NFile_priv: NGrant_priv: NReferences_priv: NIndex_priv: NAlter_priv: NShow_db_priv: NSuper_priv: NCreate_tmp_table_priv: NLock_tables_priv: NExecute_priv: NRepl_slave_priv: NRepl_client_priv: NCreate_view_priv: NShow_view_priv: NCreate_routine_priv: NAlter_routine_priv: NCreate_user_priv: NEvent_priv: NTrigger_priv: NCreate_tablespace_priv: Nssl_type:ssl_cipher:x509_issuer:x509_subject:max_questions: 0max_updates: 0max_connections: 0max_user_connections: 0plugin:authentication_string:1 row in set (0.00 sec)
mysql> show grants for gqltt@localhost;+--------------------------------------------------------------------------------------------------------------+| Grants for gqltt@localhost|+--------------------------------------------------------------------------------------------------------------+| GRANT USAGE ON *.* TO 'gqltt'@'localhost' IDENTIFIED BY PASSWORD '*1A1A4491309AD204398CD4AA6FD550C1799D3403' || GRANT ALL PRIVILEGES ON `dvwa`.* TO 'gqltt'@'localhost' WITH GRANT OPTION|+--------------------------------------------------------------------------------------------------------------+2 rows in set (0.01 sec)
mysql> select * from information_schema.schema_privileges where grantee="'gqltt'@'localhost'";+---------------------+---------------+--------------+-------------------------+--------------+| GRANTEE | TABLE_CATALOG | TABLE_SCHEMA | PRIVILEGE_TYPE|IS_GRANTABLE |+---------------------+---------------+--------------+-------------------------+--------------+| 'gqltt'@'localhost' | def | dvwa | SELECT |YES|| 'gqltt'@'localhost' | def | dvwa | INSERT |YES|| 'gqltt'@'localhost' | def | dvwa | UPDATE |YES|| 'gqltt'@'localhost' | def | dvwa | DELETE |YES|| 'gqltt'@'localhost' | def | dvwa | CREATE |YES|| 'gqltt'@'localhost' | def | dvwa | DROP|YES|| 'gqltt'@'localhost' | def | dvwa | REFERENCES |YES|| 'gqltt'@'localhost' | def | dvwa | INDEX |YES|| 'gqltt'@'localhost' | def | dvwa | ALTER |YES|| 'gqltt'@'localhost' | def | dvwa | CREATE TEMPORARY TABLES |YES|| 'gqltt'@'localhost' | def | dvwa | LOCK TABLES |YES|| 'gqltt'@'localhost' | def | dvwa | EXECUTE |YES|| 'gqltt'@'localhost' | def | dvwa | CREATE VIEW |YES|| 'gqltt'@'localhost' | def | dvwa | SHOW VIEW|YES|| 'gqltt'@'localhost' | def | dvwa | CREATE ROUTINE|YES|| 'gqltt'@'localhost' | def | dvwa | ALTER ROUTINE |YES|| 'gqltt'@'localhost' | def | dvwa | EVENT |YES|| 'gqltt'@'localhost' | def | dvwa | TRIGGER |YES|+---------------------+---------------+--------------+-------------------------+--------------+18 rows in set (0.00 sec)
如果在 dvwa 演示程序中,用 gqltt 连接 DB ,则如下 sql 注入无法操作:
http://localhost:8081/dvwa/vulnerabilities/sqli/?id=1' union select user, password from mysql.user -- &Submit=Submit#
认真想想也是 gqltt 用户只有数据库 dvwa 的所有权限,当然无法查询数据库 mysql 的 user 表。
如果想让一个用户有像 root 一样的权限,如下操作
mysql> grant all privileges on *.* to gqltt@localhost identified by 'gqltt' withgrant option;
这样再次查询 mysql.user 时候,就有所有的权限了。
mysql> select * from mysql.user where user='gqltt' \G;*************************** 1. row ***************************Host: localhostUser: gqlttPassword: *1A1A4491309AD204398CD4AA6FD550C1799D3403Select_priv: YInsert_priv: YUpdate_priv: YDelete_priv: YCreate_priv: YDrop_priv: YReload_priv: YShutdown_priv: YProcess_priv: YFile_priv: YGrant_priv: YReferences_priv: YIndex_priv: YAlter_priv: YShow_db_priv: YSuper_priv: YCreate_tmp_table_priv: YLock_tables_priv: YExecute_priv: YRepl_slave_priv: YRepl_client_priv: YCreate_view_priv: YShow_view_priv: YCreate_routine_priv: YAlter_routine_priv: YCreate_user_priv: YEvent_priv: YTrigger_priv: YCreate_tablespace_priv: Yssl_type:ssl_cipher:x509_issuer:x509_subject:max_questions: 0max_updates: 0max_connections: 0max_user_connections: 0plugin:authentication_string:1 row in set (0.00 sec)