Hey Joel, Comments inline...
-----Oorspronkelijk bericht----- Verzonden: dinsdag 18 mei 2004 16:02 Aan: [EMAIL PROTECTED] Onderwerp: [Full-Disclosure] User bypass privs for Mysql?? J> Not having any grant permissions. I went into the mysql/user table and J> edited the Grant from N to Y. Logged out and logged back in, and I had J> full privs including Grant. I shouldn't be able to do this... That sounds really nice, but when i try to login with a non grant user, with no rights on the db mysql i cannot even use that db. So what i suspect is that you have Update permissions on the table. Can you verify that you have those? If so, i personally think that the situation then is explained. You can alter the information in there, so you can alter your permissions, relogin and have grant options.. What do you say? :-) Cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene mrtg.grunn.org Dutch mirror of MRTG _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
