LeakedIn Logo
Stories About Data Leaks and Related Stuff

Posts Tagged ‘MySQL Access Control’

MySQL Access Control

1 votedvote

Detected 1 occurrence(s) of ‘using password’:

e data!
[22:00:13] [Server thread/INFO]:      JUST IGNORE, THIS IS FOR DEVELOPERS ONLY!
[22:00:13] [Server thread/INFO]:  
[22:00:13] [Server thread/WARN]: java.sql.SQLException: Access denied for user 'ArchonCratesAcc'@'167-114-39-30.hostload.com.br' (using password: YES)
[22:00:13] [Server thread/WARN]: 	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1073)
[22:00:13] [Server thread/WARN]: 	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
[22:00:13] [Server thread/WARN]: 	at com.mysql.jdb

Source: http://pastebin.com/raw.php?i=PewGH7KJ

MySQL Access Control

0 votedvote

Detected 1 occurrence(s) of ‘create user .* identified by’:

ost'
	
DROP USER 'user'@'localhost';
	
select user,host
from mysql.user
where user = '<your-user>';
	
flush privileges;

drop user 'user'@'localhost';
	
delete from mysql.user
where user='<your-user>'
and host = 'localhost';

flush privileges;
	
CREATE USER 'user'@'%' IDENTIFIED BY 'passwd';
	
drop user 'user'@'localhost';
	
drop user 'user'@'%';

Source: http://pastebin.com/raw.php?i=NgYpf5rV

MySQL Access Control

0 votedvote

Detected 3 occurrence(s) of ‘create user .* identified by’:

create user 'U1'@'localhost' identified by 'mdp_u1';
create user 'U2'@'localhost' identified by 'mdp_u2';
create user 'U3'@'localhost' identified by 'mdp_u3';
grant execute
on function controler_droits
to 'U1'@'localhost', 'U2'@'localhost', 'U3'@'localhost';
grant execute
on procedure lire_etat_compte
to 'U1'@'localhost', 'U2'@'localhost', 'U3'@'localhost';
grant execute
on procedure depot_com

Source: http://pastebin.com/raw.php?i=UVtfrDt2

MySQL Access Control

0 votedvote

Detected 2 occurrence(s) of ‘create user .* identified by’:


SQL> conn sys as sysdba
Enter password:
Connected.
SQL> conn sys@pdborcl as sysdba
Enter password:
Connected.
SQL> Create user test identified by test
  2  Default tablespace users
  3  Temporary tablespace temp
  4  Quota unlimited on users;
Create user test identified by test
                               *
ERROR at line 1:
ORA-01109: database not open


SQL> Grant create session, create procedure to test;
Grant create session, create procedure to test
*
ERROR at line 1:
ORA-01109: database not open


SQL> G

Source: http://pastebin.com/raw.php?i=bzDqsYqU

Simple Password

0 votedvote

Detected 6 occurrence(s) of ‘\s*pass[word]+\s*[:=]\s*[“‘][a-z0-9\-_\!\$]+[“‘]’:

' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
mysql --user="root" --password="secret" -e "GRANT ALL ON *.* TO 'homestead'@'%' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
mysql --user="root" --password="secret" -e "FLUSH PRIVILEGES;"
mysql --user="root" --password="secret" -e "CREATE DATABASE homestead;"
service mysql restart

Detected 1 occurrence(s) of ‘create user .* identified by’:

/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf

mysql --user="root" --password="secret" -e "GRANT ALL ON *.* TO root@'0.0.0.0' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
service mysql restart

mysql --user="root" --password="secret" -e "CREATE USER 'homestead'@'0.0.0.0' IDENTIFIED BY 'secret';"
mysql --user="root" --password="secret" -e "GRANT ALL ON *.* TO 'homestead'@'0.0.0.0' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
mysql --user="root" --password="secret" -e "GRANT ALL ON *.* TO 'homestead'@'%' IDENTIFIED BY 'secret' WITH GRANT

Detected 6 occurrence(s) of ‘\-\-[pP]assword\=[^%^\$]’:

.0' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
mysql --user="root" --password="secret" -e "GRANT ALL ON *.* TO 'homestead'@'%' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
mysql --user="root" --password="secret" -e "FLUSH PRIVILEGES;"
mysql --user="root" --password="secret" -e "CREATE DATABASE homestead;"
service mysql restart

Detected 3 occurrence(s) of ‘grant .* to .* identified by’:

password="secret" -e "CREATE USER 'homestead'@'0.0.0.0' IDENTIFIED BY 'secret';"
mysql --user="root" --password="secret" -e "GRANT ALL ON *.* TO 'homestead'@'0.0.0.0' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
mysql --user="root" --password="secret" -e "GRANT ALL ON *.* TO 'homestead'@'%' IDENTIFIED BY 'secret' WITH GRANT OPTION;"
mysql --user="root" --password="secret" -e "FLUSH PRIVILEGES;"
mysql --user="root" --password="secret" -e "CREATE DATABASE homestead;"
service mysql restart

Source: http://pastebin.com/raw.php?i=QAKgveaf