[CentOS] C5 MySQL injection attack ("Union Select")

Thu Mar 24 15:50:33 UTC 2016
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, March 24, 2016 10:32 am, Alice Wonder wrote:
> On 03/24/2016 08:28 AM, m.roth at 5-cent.us wrote:
>> Valeri Galtsev wrote:
>>>
>>> On Thu, March 24, 2016 9:48 am, m.roth at 5-cent.us wrote:
>>>> Valeri Galtsev wrote:
>>>>> On Wed, March 23, 2016 10:21 pm, Always Learning wrote:
>>>>>> mysql  Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using
>>>>>> readline 5.1
>>>> <snip>
>>>>> Indeed. There are several flaws in how mysql handles data. This is
>>>>> why
>>>>
>>>> Ok, do you have a link or two to info about that?
>>>
>>> Mark, you seemed to snip away the link to the presentation on YouTube:
>>>
>>> https://www.youtube.com/watch?v=1PoFIohBSM4
>>>
>> Oh. I really dislike videos of people explaining something I could read,
>> if they'd just typed it up.... (I mean the author, not you). But I
>> suppose
>> I'll watch it.
>
> I'm with you there. It is getting worse because people are trying to
> monetize it with the ads that YouTube plays first.
>
> But you can't scan it, easily move back when you need to, etc.
>
> I wish more online help and tutorials were text like they used to be.

I agree with you both, gentlemen. But I gave the link I had handy. It is
kind of laziness on my part, I admit: I decided not to invest in searching
for a convenient equivalent, and gave something I already had a reference
to, letting those who are interested find out either from this video or
find a better - readable - source. If someone finds a better source, I
would appreciate it, as my users will benefit if I refer them to a more
digestible presentation. Thanks in advance!

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++