Questions tagged [mariadb]

MariaDB is an SQL database server.

18 questions
7
votes
1 answer

How does MariaDB's ed25519 auth scheme work?

Newer versions of MariaDB (a MySQL database server fork) have a new password based auth scheme called "ed25519". The docs are very sparse regarding how it works and what it does. https://mariadb.com/kb/en/library/authentication-plugin-ed25519/ What…
Z.T.
3
votes
1 answer

Are MariaDB's encryption and compression functions secure?

MariaDB [(none)]> SET @key_str = SHA2('Is it secure?',512); Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> SET @crypt_str = AES_ENCRYPT('cleartext',@key_str); Query OK, 0 rows affected (0.01 sec) MariaDB [(none)]> select @crypt_str from…
Sybil
2
votes
4 answers

Simple SQL injection to bypass login in MariaDB

I'm trying out SQL Injection on my localhost. I have a simple HTML form, with a username, password and a submit button. So after clicking on the submit, user is redirected from login.html to a page called login.php:
oceans25
1
vote
1 answer

Is MariaDB Server obsolete for PHP and Wordpress projects?

PHP (and by extension WordPress) only supports MySQL native & sha256 password authentication. MariaDB Server only supports MySQL native & ed25519 password authentication. Since MySQL native password authentication uses SHA-1 and is not considered…
1
vote
2 answers

SQL Injection on MariaDB

I am trying to exploit (legally) a MariaDB database with an SQLi vulnerability. I have identified the vulnerability here... /?o=1&page=app The o=* is vulnerable and produces the following error... DEBUG INFO: You have an error in your SQL syntax;…
3therk1ll
1
vote
2 answers

SQL-injection, unable to get it to work!

I've recently found a SQL-injection vulnerability in one of our web applications. I've been able to exploit this SQLi, but only able to extract some very basic information. I'm not an expert pentester or SQL-master but this intrigues me and I would…
Specop
1
vote
1 answer

SQL inject MariaDB with SQLMAP

I'm fairly new to sqlmap but I have tried a lot of attacks and have been successful except for this one attack that I have tried. SQLMAP won't detect this nor try to inject an error like this. So how do I know that the site is vulnerable? Well, I used…
Dan Ash
0
votes
1 answer

Nmap returns both MySQL and MariaDB versions; how do I know which one is actually running?

I ran an nmap scan and the output included the following line: 3306/tcp open mysql MySQL 5.5.5-10.3.25-MariaDB-0+deb10u1 How do I know which one is actually running, MySQL or MariaDB?
0
votes
2 answers

How to connect to a MariaDB database after collecting data about users and passwords with a SQLI?

I'm trying to breach a dummy MariaDB database which is vulnerable to SQLI and is storing sensitive data about its users and their passwords. I've collected all the data I could collect, but now how am I supposed to connect to this database and…
0
votes
2 answers

How to know whether mysql connection is using SSL or TLS connection?

I want to verify whether mysql remote connection is using tls/ssl connection for security purposes. I ran status command to check initially: mysql> status -------------- mysql Ver 8.0.19 for osx10.15 on x86_64 (Homebrew) Connection id: …
0
votes
1 answer

Is it possible to locate web document root using SQL query/SQL Injection?

I have access to a MySQL database for which the current user has the FILE privilege. I want to upload a web shell but I do not know the root directory of the web server. Is it possible to somehow locate the root directory using a SQL query?
0
votes
1 answer

SQLMap Only Returns information_schema

I run this command python sqlmap.py -u https://acme.com/post.php --data "id=1" --tamper="between,randomcase,space2comment" -v 3 --random-agent --dbs but SQLMap only returns information_schema database. Is there something wrong (if so, is there…
0
votes
0 answers

Sqlmap does not detect error-based injection

I am working on Hack the VM (hard machine) for my OSCP preparation. There is a web app with two drop-down boxes, year and month. Both contain numbers, and there is a submit button to fetch data from the DB based on year and month. Now when I change the month value from…
Badddy
0
votes
0 answers

SQL Injection bypass UNION filter/restriction

I've recently had an interesting interview exercise I haven't completed and it does puzzle me what kind of filter/protection they've used. The vuln app is a PHP with simple MariaDB (5.5.56) back-end, where name FORM is vulnerable to SQL injection…
mirek
0
votes
1 answer

Is it secure to store my mysql password in a const std::string?

I am implementing a C++ server with a mariadb backend. I have to access my database and I do so using the mariadbpp (its c++ connector). Though I can use mysql_config_editor and store the passwords in an (encrypted) .cnf file, mariadbpp's API needs…
Hemil