⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.124
Server IP:
50.28.103.30
Server:
Linux host.jcukjv-lwsites.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
Server Software:
nginx/1.28.0
PHP Version:
8.3.12
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
www
/
server
/
mysql
/
mysql-test
/
r
/
View File Name :
slow_log.result
# # Bug#33732907: Slow query log logs password in plain text on syntax error # SET @save_sqlf=@@global.slow_query_log_file; SET @save_sql=@@global.slow_query_log; SET @save_lo=@@global.log_output; SET @save_lqt=@@session.long_query_time; SET GLOBAL slow_query_log_file= '.../slow33732907.log'; SET @@global.slow_query_log=1; SET @@global.log_output='file,table'; SET @@session.long_query_time=0; # This succeeds, and the password is correctly obfuscated. CREATE USER 'duplicate_user'@'%' IDENTIFIED BY 'mypassword'; # This fails, but the password is still correctly obfuscated. CREATE USER 'duplicate_user'@'%' IDENTIFIED BY 'mypassword'; ERROR HY000: Operation CREATE USER failed for 'duplicate_user'@'%' # Since we throw an error during the parse stage, we don't know which # part of the statement is the password (or whether there even is one), # so we cannot obfuscate it. In that case, the statement should not be # logged, either. The general log also behaves like this by default. CREATE USER ‘bad_characters’@’%’ IDENTIFIED BY 'mypassword'; ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '��bad_characters’@’%’ IDENTIFIED BY 'mypassword'' at line 1 # Expected: 1 OK stmt, 1 failed stmt, 0 unparseable stmts SELECT "general table>",argument FROM mysql.general_log WHERE INSTR(argument,"CREATE USER")=1 ORDER BY event_time; general table> argument general table> CREATE USER 'duplicate_user'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>' general table> CREATE USER 'duplicate_user'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>' # Expected: 1 OK stmt, 1 failed stmt, 0 unparseable stmts SELECT "slow table>",sql_text FROM mysql.slow_log WHERE INSTR(sql_text,"CREATE USER")=1 ORDER BY start_time; slow table> sql_text slow table> CREATE USER 'duplicate_user'@'%' IDENTIFIED WITH 'mysql_native_password' AS '*FABE5482D5AADF36D028AC443D117BE1180B9725' slow table> CREATE USER 'duplicate_user'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>' SET @@global.slow_query_log_file=@save_sqlf; SET @@global.slow_query_log=@save_sql; SET @@global.log_output=@save_lo; SET @@session.long_query_time=@save_lqt; DROP USER 'duplicate_user'@'%'; # Expected: 1 OK stmt, 1 failed stmt, 0 unparseable stmts slow file>CREATE USER 'duplicate_user'@'%' IDENTIFIED WITH 'mysql_native_password' AS '*FABE5482D5AADF36D028AC443D117BE1180B9725'; slow file>CREATE USER 'duplicate_user'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>'; TRUNCATE mysql.slow_log; TRUNCATE mysql.general_log; # # Done.