Help find security flaws in this MySQL page?

I am trying to find security flaws in a MySQL page. It is an assignment for a class learning about SQL. Through a textbox, they will be given access to a database to submit queries and see if it returns the correct data sets. I want to find out if there's anything malicious they could do.

This is the result of a SHOW GRANTS query:

Grants for user@localhost
GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'the password'
GRANT SELECT ON `server\_dir`.* TO 'user'@'localhost'
GRANT SELECT ON `server\_dir\_ans`.* TO 'user'@'localhost'

Can someone explain what these GRANT statements mean? What is *.* and GRANT USAGE? What else can I do to this site to break it?

The site itself is written in PHP.

In response to The Rook, when I execute:

UPDATE mysql.user set Password = password("hacked");
FLUSH PRIVILEGES;

I get back:

Error Number: 1142. UPDATE command denied to user 'user'@'localhost' for table 'user'
Error Number: 1227. Access denied; you need the RELOAD privilege for this operation

As I thought, it appears that the user lacks permissions necessary to do this. Or am I misunderstanding something?

There is 1 answer

Segfault

*.* means all tables on all databases.

The flaws in security will happen more in the PHP than in the MySQL; see this Wikipedia article for common issues: SQL Injection.

GRANT USAGE means no privileges.
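
An added example, not part of the original question or answer: a small Python check that parses SHOW GRANTS output like the one quoted in the question and reports what each line actually grants. The function names and the read-only policy it checks against are assumptions made for this illustration.

```python
import re

# Constructed sample: the SHOW GRANTS output quoted in the question.
SAMPLE = r"""
GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'the password'
GRANT SELECT ON `server\_dir`.* TO 'user'@'localhost'
GRANT SELECT ON `server\_dir\_ans`.* TO 'user'@'localhost'
"""

GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.I)

def parse_grants(text):
    """Return {scope: set of privileges}; USAGE is dropped because it grants nothing."""
    grants = {}
    for line in text.splitlines():
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Strip column lists such as SELECT (col1, col2) before splitting on commas.
        privs = re.sub(r"\([^)]*\)", "", m["privs"])
        names = {p.strip().upper() for p in privs.split(",")} - {"USAGE", ""}
        # In GRANT, "_" in a database name is a wildcard, so SHOW GRANTS prints it as "\_".
        scope = m["scope"].replace("`", "").replace("\\_", "_")
        grants.setdefault(scope, set()).update(names)
    return grants

def audit(grants, allowed=frozenset({"SELECT"})):
    """List findings for a user that is meant to be read-only on named databases."""
    findings = []
    for scope, privs in sorted(grants.items()):
        if scope == "*.*" and privs:
            findings.append(f"global privileges on *.*: {sorted(privs)}")
        extra = privs - allowed
        if scope != "*.*" and extra:
            findings.append(f"{scope} allows more than read access: {sorted(extra)}")
    return findings

if __name__ == "__main__":
    parsed = parse_grants(SAMPLE)
    for scope, privs in parsed.items():
        print(scope, sorted(privs) or "no privileges")
    print(audit(parsed) or "read-only as intended")
```

For the grants in the question this reports no privileges on `*.*` and SELECT only on the two named databases, which matches the 1142 and 1227 errors the asker received.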