Who dropped all the tables in mysql database - mysql

The tables in the database i use for my website was dropped in some way. I didn't do it, but i don't know who did it. My hosting company says we didn't do either. So is there a way to know who did it? If there is a solution for it, i'll be grateful. My website is offline now.
Thanks

Provided you do not have a backup: as Stanley has pointed out, your code might have been vulnerable. This is just one out of many possible solutions.
Small checklist:
Check whether the DB is accessible from outside localhost (usually it should not)
Check password security
Check who has access to your DB and whether you can trust them
Check your code for SQL injection vulnerability: What is SQL injection?

Related

DBeaver - missing procedures in MySQL database

I have connected to my work database via DBeaver. Recently colleague told me about a procedure that lets me check newly added entities through our front-end.
And I can't find it in the list of procedures, nor using this query:
SHOW PROCEDURE STATUS WHERE Name LIKE '%name%'
I have the same connection settings as my colleague's, same user, etc, but he uses DbForge and I use DBeaver, cause at some point of time DbForge began having too much restrictions for free version (I wasn't simply able to execute queries), and the older version my colleague gave me didn't install in Windows 11.
So, I'm thinking may be there's some settings in the DBeaver that hide certain stored procedures, or I need to adjust connection settings.
Does anyone has clue on this?
Or may be someone could suggest some alternative to DbForge, which allows to execute queries in the free version and to set colors to connections (I find that thing convenient), and possibly doesn't have this problem, may be because of being more MySQl-oriented.
Thanks in advance!
I've tried to open connection settings and check out the additional parameters there, but can't seem to notice anything relevant.
Ok, seems like there was misunderstanding between me and my colleague, and he actually meant some another DB Server, but with same User/Password combination. Thanks for the comments, that also helped in finding the cause. I really did install MySQL Workbench, saw the same picture in there, and started wondering what else it could be and reading our communication again.
My mistake) The question is no longer actual.

Please do not block this query about mysql

I have a list of mysql databases with Godaddy. I did not give them clear names now I cannot find out which website they pertain to. Can someone tell me where I can see the name of the website or domain the mysql is connected to. My fault, dumb thing to do.
Please do not get me blocked for asking a simple question.
Cheers
The great thing about domains hosted on GoDaddy is that you can access any of your mysql databases through any of your domains if they are all under the same account. MySql isnt connected to any particular domain name, but rather the mysql exists on the same server and is accessible by any of your domains. Please comment if you need further clarification, or edit your question.

Possible SQL Injection? What happened?

I'm seeing a weird url repeatedly in my logs and I'm wondering if someone is able to understand what this user was attempting to do. I'm a little familiar with the basics of MySQL, however, I'm lost with this one (especially the 0x7e parts), and want to prevent future possible vulnerabilities. I've found and am correcting the vulnerability in my script, however I'd really like to know what this person was doing. Any insight you can offer would be greatly appreciated. Thank you.
Note: I replaced my actual database and table names below with DatabaseName.TableName to make it clearer.
Here's the weird url:
photo.php?member_id=11616%27+AND+(SELECT+7509+FROM(SELECT+COUNT(*),CONCAT(0x7e,0x7e,0x7e,0x27,(SELECT+CONCAT(MID((IFNULL(CAST(member_id+AS+CHAR),0x20)),1,50),0x3A,MID((IFNULL(CAST(email_address+AS+CHAR),0x20)),1,50),0x3A,MID((IFNULL(CAST(password+AS+CHAR),0x20)),1,50))+FROM+DatabaseName.TableName+ORDER+BY+member_id+LIMIT+81947,1),0x27,0x7e,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)+AND+%27FtCw%27=%27FtCw&name=1392855.jpg
I believe so. They're testing to see if you are susceptible to SQL injection.
The INFORMATION_SCHEMA.CHARACTER_SETS table is tested because all users have read privilege to this table regardless of what privileges you otherwise give them. I can't imagine the attacker is really interested in how many character sets you have, so they're probably just seeing if they can get that query to run. If they confirm this, it means that they can proceed to use other attacks.
You need to block that attacker's IP address ASAP. Then review your code to make sure you are safe from SQL injection vulnerabilities.
well i have been through penetration testing and testing these kind of attacks.. this query is generated by SQLMap a penetration testing tool (written on python) to check if the link is vulnerable to Sql Injection or Not.. bt make sure if its only testing mean u r conducting this urself.. if he managed to access ur database he can compromise the server even..
u can check more on sql map here..
Project Sql Map

Visibility of databases in cloudbees?

I'm looking into using CloudBees for some application prototyping. I am using free accounts right now, I am not paying any subscriptions at the moment.
The first step for me is to create a MySQL database to host my application's data. I've done so (and it was pretty easy!). I also use Liquibase to manage the database (I've started this work using local H2 databases for the pre-prototyping), and I've been able to construct everything as expected.
As part of checking whether liquibase created the tables, I brought up the MySQL database in NetBeans. And, it did function well. But I can also see other schemas as well as the schema I just created. They're all innocently named (test, test_6hob). But, I can see the tables and view their data.
My question is around the visibility of the data that's in the CloudBees database. Is the database created for the free accounts viewable to other people connecting to the same machine? Does this change if I use a paid account? Or is it more the nature of how the database was created? I can see other schemas (and their data) but I have no idea if other people can see mine? Is there a permissions-aspect I need to ensure I set? I've fairly ignorant with the inner-workings of MySQL.
While this is a prototype, were I to move into using CloudBees for production applications, I wouldn't want the data to be visible to anyone who happened to connect to the same database as my application. It's entirely possible that I'm missing something in this new cloud world. :)
Thanks for any info
All CloudBees MySQL databases are secured separately (although will be in shared instances unless you have a dedicated server) - they are not readable by any other account by default.
However, it is possible for the database owner to grant access to users from other accounts on that same database server if you really wanted to - even though it makes very little sense to do so (and your special user configuration will be lost during a failover).
So this is what has happened for the test databases that you can see - the database owner has opened up security on those databases / tables.
This question is probably off topic but i'll bite anyway. The database data is private to your account. Actual hardware/vm's maybe shared but the data/database is not.

Is it possbile to write files with MySQL via SQL injection?

Long story short, we found files promoting prescription drugs on our server that we didn't put there. The Windows server has very old applications and runs MySQL 5.1.11.
Beyond other security flaws, could SQL injection be used to write files to the server file system? I am certain that some of these old applications are vulnerable to SQL injection attacks. I would NOT think that this is possible, but I seem to remember reading somewhere that MySQL could access the "command line" and write files via it though I can not locate a source for that info. Then again, my mind could be playing tricks on me.
If this is possible, is there a setting that can disable it?
Also, I'm not looking for the answer that says get rid of the SQL injection vulnerability. While that obviously needs to be done; I'm looking for a quick short term fix that will prevent the rogue files from magically appearing again while the SQL injection vulnerabilities are being fixed. Fixing all the old applications is going to take lots of time.
Thanks.
It's possible, especially with suitably careless configuration.
For example, there is SELECT ... INTO OUTFILE 'file_name'
But it's also more likely to be a different security problem. I'd seriously consider taking the software offline quickly, especially if the database contains any confidential or private information
as Colin Pickard shows, yes.
but even if you can't update your application, i doubt it needs the rights it's currently running with. you need to check the user it logs in to mysql with and trip those permissions down to the minimum. specifically in this case, you should remove the FILE privilege if your app does not read/write files stored on the mysql server.
Setting the permissions of the application directory to read-only for the web account might work. This assumes that you're not already creating files in it like logfiles and such.