MySQL Hacktricks
| Variable | Dangerous Value | Impact |
|----------|----------------|--------|
| secure_file_priv | "" (empty) | Read/write any file |
| local_infile | ON | Client-side file read attack |
| log_bin_trust_function_creators | ON | Create dangerous UDFs |
| plugin_dir | Writable by mysql user | Upload UDFs |
| validate_password | OFF | Weak passwords allowed |
Find OS user (www-data), then use kernel exploit or UDF.
For defensive strategies and secure configuration, you can refer to:

- Harden MySQL: Steps like using mysql_secure_installation, setting strong passwords, and enabling TLS.
- Privilege Management MySQL Reference Manual
Once you have valid credentials (e.g., root:password123), connect to the database using the standard client:
MySQL can federate to other instances using the FEDERATED engine:
