by evanelias
3572 days ago
You don't need a large specialized infosec team to know the following:

* Don't give SUPER or FILE privs to your application's mysql user
* Don't allow mysql to accept connections from the public internet
* Avoid SQL injection through use of bind variables

This is pretty elementary stuff, and just doing any 2 of the 3 above will prevent this exploit from being usable. (unless the attacker has SSH access to your hosts, but in that case, you should already consider your entire environment to be compromised.)
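An added example, not part of the comment above: a small audit for the first two points, run over `SHOW GRANTS` output and a `my.cnf` file. The account names, grant lines and config text are constructed samples, and treating a missing `bind-address` as "all interfaces" is an assumption based on MySQL's default.

```python
import re

# Constructed sample inputs (not taken from the comment).
SAMPLE_GRANTS = [
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `shop`.* TO 'shop_app'@'10.0.0.%'",
    "GRANT FILE, SUPER ON *.* TO 'legacy_app'@'%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'admin_app'@'%' WITH GRANT OPTION",
    "GRANT USAGE ON *.* TO 'shop_app'@'10.0.0.%'",
]
SAMPLE_MY_CNF = "[mysqld]\n# constructed sample\nbind-address = 0.0.0.0\nport = 3306\n"

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<grantee>'[^']*'@'[^']*')", re.I)
RISKY = {"SUPER", "FILE"}  # global privileges, only grantable ON *.*

def risky_grants(lines):
    """Return (grantee, [privileges]) for accounts holding SUPER or FILE."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m or m["scope"] != "*.*":
            continue
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        # ALL [PRIVILEGES] ON *.* implicitly includes SUPER and FILE.
        hit = RISKY if privs & {"ALL", "ALL PRIVILEGES"} else privs & RISKY
        if hit:
            findings.append((m["grantee"], sorted(hit)))
    return findings

def listens_on_all_interfaces(cnf_text):
    """True if [mysqld] binds to every interface (reachable unless firewalled)."""
    section, bind, skip_net = None, None, False
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif line and section == "mysqld":
            key, _, value = line.partition("=")
            key = key.strip().replace("_", "-").lower()
            if key == "bind-address":
                bind = value.strip()
            elif key == "skip-networking":
                skip_net = True
    # Assumption: with no bind-address set, the server listens on all interfaces.
    return not skip_net and bind in (None, "*", "0.0.0.0", "::")

if __name__ == "__main__":
    for grantee, privs in risky_grants(SAMPLE_GRANTS):
        print(f"{grantee} holds {', '.join(privs)}")
    print("binds to all interfaces:", listens_on_all_interfaces(SAMPLE_MY_CNF))
```

A wildcard bind only shows the server is listening everywhere; whether it is reachable from the internet still depends on the firewall in front of it.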