软件测试 | REVOKE 命令的漏洞

mysql> grant select,insert on test1.* to z1@localhost; Query OK, 0 rows affected (0.00 sec) mysql> grant all privileges on *.* to z1@localhost; Query OK, 0 rows affected (0.00 sec) mysql> show grants for z1@localhost; +-------------------------------------------------------+ | Grants for z1@localhost | +-------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'z1'@'localhost' | | GRANT SELECT, INSERT ON `test1`.* TO 'z1'@'localhost' | +-------------------------------------------------------+ 2 rows in set (0.00 sec)

mysql> revoke all privileges on *.* from z1@localhost; Query OK, 0 rows affected (0.00 sec)

mysql> show grants for z1@localhost; +-------------------------------------------------------+ | Grants for z1@localhost | +-------------------------------------------------------+ | GRANT USAGE ON *.* TO 'z1'@'localhost' | | GRANT SELECT, INSERT ON `test1`.* TO 'z1'@'localhost' | +-------------------------------------------------------+ 2 rows in set (0.00 sec)

[zzx@localhost ~]$ mysql -uz1 Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 26 Server version: 5.0.41-community-log MySQL Community Edition (GPL) Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use test1 Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +-----------------+ | Tables_in_test1 | +-----------------+ | t1 | | t12 | | t2 | +-----------------+ 3 rows in set (0.00 sec) mysql> insert into t1 values(1); Query OK, 1 row affected (0.00 sec)