Mysql中udf.dll提权的防御方法

转载:Xiaoz Blog

通过删除udf.dll和langouster_udf.dll,再新建udf.dll和langouster_udf.dll 设为只读、限制权限就可防止所有langouster_udf.dll专用网马

将下面的代码保存为 *.bat 的批处理文件,如 udf.bat

net stop mysql
del %SystemRoot%\system32\udf.dll /A/F/Q
del %SystemRoot%\udf.dll /A/F/Q
del %SystemRoot%\temp\udf.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\temp\udf.dll
attrib +R +S +H %SystemRoot%\system32\udf.dll
attrib +R +S +H %SystemRoot%\udf.dll
attrib +R +S +H %SystemRoot%\temp\udf.dll

cscript.exe xcacls.vbs "%SystemRoot%\system32\udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\temp\udf.dll" /D Everyone:M /E

del %SystemRoot%\system32\langouster_udf.dll /A/F/Q
del %SystemRoot%\langouster_udf.dll /A/F/Q
del %SystemRoot%\temp\langouster_udf.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\langouster_udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\langouster_udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\temp\langouster_udf.dll
attrib +R +S +H %SystemRoot%\system32\langouster_udf.dll
attrib +R +S +H %SystemRoot%\langouster_udf.dll
attrib +R +S +H %SystemRoot%\temp\langouster_udf.dll
cscript.exe xcacls.vbs "%SystemRoot%\system32\langouster_udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\langouster_udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\temp\langouster_udf.dll" /D Everyone:M /E
net start mysql

This entry was posted in Technology. Bookmark the permalink. 5,208 views

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *