• redalastor
    +4

    What's special about that? A DB dump is the first thing I'd do if I wanted to steal data.

    • douglas77
      +1

      Sure, a dump done with SHOW DATABASES, SHOW TABLES, DESC foo, SELECT * FROM foo if you can only do SQL injection, or maybe a dump using mysqldump if you find some MySQL credentials.

      But logging into the DB-server via ssh as root and copying /var/lib/mysql/? That sounds like an unnecessary amount of work for an attacker (but is easy to do for an insider).

      • redalastor
        +2

        > But logging into the DB-server via ssh as root and copying /var/lib/mysql/? That sounds like an unnecessary amount of work for an attacker (but is easy to do for an insider).

        Not really, you only need a privilege escalation exploit. Most companies aren't very diligent in updating their servers and it's not that hard to enter via a known exploit.