Cross-library
When we perform SQL injection, we often read out many libraries. As a result, we also need to use "-current-representative" in sqlmap to determine which is the current library.
Mysql's root, mssql's sa, oracle's sys are the most privileged accounts in their database.
In general, each database corresponds to the relevant authority for its user authority. Usually when you inject mssql you will see all the library names, but reading the table can only read the table name of the current library. At this time, your authority is generally dbowner's authority, which is the authority of the database owner. In other words, you can only add, delete, modify, and check the current library.
The first requirement for cross-database queries is to have permissions, or that permissions can be elevated. Otherwise, only the current library can be operated, and other libraries may not even have read permission.
For example, mysql has the highest root privileges, and all the libraries can be added, deleted, modified, and any operations can be performed for root. In the windows system, the installed mysql generally has system permissions, that is, the entire disk can be read. If you get root when you escalate power, it will be more convenient to escalate power.
In the linux system, the mysql runtime is generally run with the permissions of the mysql user. Compared to windows, mysql on the linux system is more difficult to use, because the linux permissions are set more strictly. Under normal circumstances, mysql only has mysql The user's authority is much lower than that of mysql under windows.
Note : At present, cross-database query refers to the fact that due to the lack of strict permission settings, ordinary accounts are granted too high permissions, so that they can operate on other databases. For example, in mysql, by default, only the root has permission to operate the informatin_schema table. However, if the permissions of a common account are too high, he can operate the database, thereby affecting the operation of the entire mysql database. There are a lot of permissions to do better, even only this kind of permissions combining query and read
Cross-database query process
--Current-db Check which database the current site uses
--dbs
-D phpcms --tables to view the contents of the phpcms database --is
-dba -v 1 Check whether it is the database permission
-D phpcms --T admin --dump to the phpcms library The admin table to drag the library
