There is a root MySQL user that is disparate from the root system user.
On Tue, Jul 22, 2014 at 4:53 AM, Sharma, Vivek <vivek.shar...@blackrock.com>
wrote:
> Hi All,
>
>
>
> While trying out the sql shell option, I saw that sql-map spawns a
> sql-shell for me, great!
>
>
>
> The vulnerable application was running on a low privileged account, not
> root@localhost. But when I did
>
>
>
> sql-shell>select user()
>
>
>
> It tells me the user is *root@localhost*.
>
>
>
> Is it that sql-map opens up a shell with a root account, irrespective of
> the account application is running on. Seems unrealistic though.
>
>
>
> If not what could be the possible reason?
>
>
>
> Regards
>
> Vivek Sharma
>
> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE
> PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its
> subsidiaries, ("BlackRock") does not waive any confidentiality or
> privilege. If you are not the intended recipient, please notify us
> immediately and destroy the message without disclosing its contents to
> anyone. Any distribution, use or copying of this e-mail or the information
> it contains by other than an intended recipient is unauthorized. The views
> and opinions expressed in this e-mail message are the author's own and may
> not reflect the views and opinions of BlackRock, unless the author is
> authorized by BlackRock to express such views or opinions on its behalf.
> All email sent to or from this address is subject to electronic storage and
> review by BlackRock. Although BlackRock operates anti-virus programs, it
> does not accept responsibility for any damage whatsoever caused by viruses
> being passed.
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
