我使用的是最新版本的Joomla,v3.6,我很惊讶地看到不支持通过SSL连接到MySQL数据库。
似乎所需要的是核心Joomla db驱动程序文件的黑客攻击: /libraries/joomla/database/driver/mysqli.php
更令人沮丧的是,这个文件似乎使用了mysqli_connect(),从我看到的内容中没有内置的SSL连接支持,所以它不会像添加一些简单的那样简单属性。
在我开始黑客攻击之前,有没有人成功连接到Joomla的安全数据库?我不知道有不同的司机吗?
我在这里包含完整的Joomla DB连接功能以供参考:
public function connect()
{
if ($this->connection)
{
return;
}
/*
* Unlike mysql_connect(), mysqli_connect() takes the port and socket as separate arguments. Therefore, we
* have to extract them from the host string.
*/
$port = isset($this->options['port']) ? $this->options['port'] : 3306;
$regex = '/^(?P<host>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(:(?P<port>.+))?$/';
if (preg_match($regex, $this->options['host'], $matches))
{
// It's an IPv4 address with or without port
$this->options['host'] = $matches['host'];
if (!empty($matches['port']))
{
$port = $matches['port'];
}
}
elseif (preg_match('/^(?P<host>\[.*\])(:(?P<port>.+))?$/', $this->options['host'], $matches))
{
// We assume square-bracketed IPv6 address with or without port, e.g. [fe80:102::2%eth1]:3306
$this->options['host'] = $matches['host'];
if (!empty($matches['port']))
{
$port = $matches['port'];
}
}
elseif (preg_match('/^(?P<host>(\w+:\/{2,3})?[a-z0-9\.\-]+)(:(?P<port>[^:]+))?$/i', $this->options['host'], $matches))
{
// Named host (e.g example.com or localhost) with or without port
$this->options['host'] = $matches['host'];
if (!empty($matches['port']))
{
$port = $matches['port'];
}
}
elseif (preg_match('/^:(?P<port>[^:]+)$/', $this->options['host'], $matches))
{
// Empty host, just port, e.g. ':3306'
$this->options['host'] = 'localhost';
$port = $matches['port'];
}
// ... else we assume normal (naked) IPv6 address, so host and port stay as they are or default
// Get the port number or socket name
if (is_numeric($port))
{
$this->options['port'] = (int) $port;
}
else
{
$this->options['socket'] = $port;
}
// Make sure the MySQLi extension for PHP is installed and enabled.
if (!self::isSupported())
{
throw new JDatabaseExceptionUnsupported('The MySQL adapter mysqli is not available');
}
$this->connection = @mysqli_connect(
$this->options['host'], $this->options['user'], $this->options['password'], null, $this->options['port'], $this->options['socket']
);
// Attempt to connect to the server.
if (!$this->connection)
{
throw new JDatabaseExceptionConnecting('Could not connect to MySQL.');
}
// Set sql_mode to non_strict mode
mysqli_query($this->connection, "SET @@SESSION.sql_mode = '';");
// If auto-select is enabled select the given database.
if ($this->options['select'] && !empty($this->options['database']))
{
$this->select($this->options['database']);
}
// Pre-populate the UTF-8 Multibyte compatibility flag based on server version
$this->utf8mb4 = $this->serverClaimsUtf8mb4Support();
// Set the character set (needed for MySQL 4.1.2+).
$this->utf = $this->setUtf();
// Turn MySQL profiling ON in debug mode:
if ($this->debug && $this->hasProfiling())
{
mysqli_query($this->connection, "SET profiling_history_size = 100;");
mysqli_query($this->connection, "SET profiling = 1;");
}
}
答案 0 :(得分:0)
您的问题的解决方案是MySQL ssh隧道。如果你这样做,那么你就不必修改Joomla的核心内容。请参阅:http://chxo.com/be2/20040511_5667.html