MySQL Database is a great product used by thousand of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how you can exploit SQL injection in order to gain almost full control over your webserver.

Most people know that SQL injection allows attackers to retrieve database records, pass login screens, change database content, through the creation of new administrative users. MySQL does not have a built-in command to execute shell commands, like Microsoft SQL server. I will show you how to run arbitrary commands using standard features provided by MySQL.

First of all, I would like to give a brief description of SQL injection, then I would like to present you with a couple less known methods that exist in MySQL, which I will use to backdoor a webserver. I will use 2 built-in MySQL commands - one …

In my Sun blog blogs.sun.com/georgetrujillo I have defined how to install MySQL on Solaris using MOCA as a set of guidelines and best practices.

After some glitches - mainly introduced by switching to the new source control system - we are presenting a new release of version 5.0 (built right out of our shiny new bazaar repository). This release has another 17 bugs fixed (along with some additional adjustments to improve usability). While we are already working in parallel at version 5.1 we are constantly fixing the remaining bugs in our present release version.

Regarding my earlier post on memcached webinar, I was informed today that more than 420 registrants have signed up. Space is limited and filling up fast so if you are interested in memcached and haven't registered yet, click on the following link to register now!

Designing and Implementing Scalable Applications with Memcached and MySQL (June 29)

SourceForge announces quarterly earnings. Linux server growth strong, says analyst firm. Talend adds support for MaxDB. (and more)

SourceForge Reports Third Quarter Fiscal 2008 Results, SourceForge (Press Release)

Worldwide Server Market Shows Resiliency with Solid First Quarter Results, According to IDC, IDC (Press Release)

Talend Announces Data Integration for MaxDB, Talend (Press Release)

How everyone wins with open source software, Linux.com, Lisa Hoover (Article)

…

now it's only the unknown remaining :-)

mysql-test-run now passes for all tests

current plan:
1) will now start on adding error handling in dict,
it shouldnt be that hard (or take that long)

2) i'll (likely) also do the "grand unified state"-patch in dict (but in 6.4)
aka remove table-state.

3) also now started thinking about add-node

4) maybe I should publish a snapshot...i'll wait to see if I get any comments
requesting it

---

I missed my normal comments-fishing the last posts.
Will try to keep the spirit (even if comments are few)

Sun Microsystems, Inc. today announced that the Nordrhein-Westfalen Data Centre for Finance Management (RZF) is relying on MySQL Enterprise™ to deliver its database applications. Following a very successful test period for its custom-built financial applications, RZF plans to deploy additional MySQL™-based database applications in the future.

Sun Microsystems, Inc. today announced that First B2B Ltd, one of the leading providers of business-to-business electronic trading, is now processing more than 2 million complex transactions a year with Sun's MySQL™ database software. With MySQL as the 'central plank' of its business, First B2B is able to support the trading transactions of more than 400 companies throughout the UK, and its entire operations are now based upon a MySQL Enterprise™ database subscription.

MySQL databases are increasingly used by high volume, high transaction applications
that support businesses running full throttle 24-hours a day, seven days a week.
Backup and recovery operations need to be conducted in such as way that is non-disruptive
to users and applications. The latest release of Zmanda Recovery Manager (ZRM) 2.2 provides
Continuous Data Protection (CDP) as well as instant point-in-time recovery for MySQL.
In this webinar, we will demonstrate the latest ZRM enhancements so that you can use ZRM
to build a robust, flexible, and easy to use backup and recovery solution.

When: Thursday May 29, 2008, 10:00am Pacific / 1:00pm Eastern

If you need to combine two scripts with MySQL Proxy you have three choices.

• You can manually rewrite the two scripts (good luck!)
• you can use the load-multi module to load scripts on demand;
• or you can use the proxy chaining technique.

To chain two proxies, you need to start one Proxy with the first Lua script, pointing at the real backend, listening to a non-standard port. Then you start the second Proxy with the second Lua script, having the first proxy as a backend, and listening to the standard proxy port.
It's a difficult and error prone procedure. You would forget about it, unless there were an easy workaround. And indeed you can have such a workaround. Just use the …