Wednesday, August 16, 2006

MySQL system-functions summary

Dirty Summary for mysql system functions, mainly for dba or pen tester:

  • found_rows() - returns the current table row numbers
  • last_insert_id() - for auto_increment para, this is somehow helpful
  • user() - this is extremely useful,it returns the current username (e.g:root ->then you can smile ^^)
  • database() - this is cool too, gives back the current database name, ease the pain of spending hours on finding it.
  • version() - This is awesome, you all know mysql 3,4,5 are different and have some unique features.Without knowing the version, you might stuck for another hours
  • connection_id() - Well, you can guess how busy this database is
  • INET_ATON(ip) - Not really useful for pentesting
And some password functions,
  • password($pwd) - encrypts a specified string as a 41-byte hash value, it is pretty weak alogrithm
  • md5($pwd) - MD5 encryption, possibly crackable
  • sha($pwd) - sha encryption, possibly crackable (sha1-version, which means you can use sha1($pwd) for getting the same result
Might not completed...correct me!

No comments: