CentOS - Mar 2016 - C5 MySQL injection attack ("Union Select")

On Thu, 2016-03-24 at 04:08 -0700, Alice Wonder wrote:
> Always use parameterized statements (aka prepared statements) for SQL 
> that involves untrusted input.
> 
> I like to use them even for input that involves trusted input because it 
> is easy to make a change in my code and not think about how it impacts 
> the parameters.
> 
> -=-
> 
> This is an attack on WordPress ??? Or just trying to get WordPress 
> database from a different app?
> 
> Be careful with WordPress - it's database handler doesn't actually
use
> parameterized statements, it emulates them with printf - one (of many) 
> reasons I do not like the product.
> 
> If it is not an attack on WordPress directly - your WordPress database 
> should be using a different uname/pass from anything else, so actual 
> queries for data should fail.
I write my own database applications (each has its own unique user-id
and password and only essential permissions on tables) and do not use
any packaged solution. Thus no Wordpress or anything like it.

The hacker tried many variants like this - which baffle me.

' UNION SELECT (-x1-Q-,-x2-Q-,-x3-Q-,-x4-Q-,-x5-Q-,-x6-Q-)

' UNION SELECT 1,CONCAT(ddd,[X],file_priv,[XX],3,4,5,6,7,8 FROM
mysql.user limit 0,1  (I do not have mysql.user)

' UNION SELECT 13,CONCAT([X],count(*),[X],13,13,13,13,13,13 FROM
information_schema.TABLES WHERE `TABLE_NAME` LIKE "%wp_users%"   -- /*
order by 'as

LIKE "%user%"
LIKE "%usr%"
LIKE "%phpbb%"
LIKE "?%"
LIKE "?m%"
LIKE "%member%"
LIKE "%forum%"
LIKE "%reg%"
LIKE "%moder%"
LIKE "%ftp%"
LIKE "%jos%"
LIKE "?ces%"
LIKE "%wso%"


>> Am 24.03.2016 um 09:54:11 +0100 schrieb Leon Fauster:
>> Current version on C5 is mysql55, 5.0 does not get any updates
anymore!

Thank you. That server is the last production server on C5. I need to
shift it to C6 and Maria 10.

I am 'always learning' security is a perpetual task. Thankfully I always
read the daily logs and reports (an arduous task).

Many thanks.

-- 


Paul.
England, EU.      England's place is in the European Union amid our
European brothers and sisters and even our betters.

On 03/24/2016 07:33 AM, Always Learning wrote:
*snip*
>
> Thank you. That server is the last production server on C5. I need to
> shift it to C6 and Maria 10.
>
> I am 'always learning' security is a perpetual task. Thankfully I
always
> read the daily logs and reports (an arduous task).
>
> Many thanks.
>
I would shift to CentOS 7.

Always deploy the latest version of CentOS unless you know something you 
have absolutely will not work in it.

That's my philosophy.

That doesn't mean I upgrade as soon as a new version comes out, though I 
frequently do simply because there are advantages with the new versions 
of software.

On Thu, 2016-03-24 at 08:00 -0700, Alice Wonder wrote:
> I would shift to CentOS 7.
With the, among others, systemd controversy I dread moving to C7. C6
works well and having just one version of an operating system simplifies
everything. I also lack sufficient time to exploring and learning the C7
differences and changes of operational logic.

C6 is, from my perspective, very similar to C5. C7 is not.


-- 
Regards,

Paul.
England, EU.      England's place is in the European Union.