|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 136
Members: 0
Total: 136
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
MySQL Zero-Length Exploit HELP! |
|
Posted: Sat Jun 23, 2007 6:15 am |
|
|
blaxenet |
Active user |
|
|
Joined: Jun 20, 2007 |
Posts: 26 |
|
|
|
|
|
|
|
Hi Guys,
As you can see I love learning new things about this area,
So i've been fiddling around with this-
http://milw0rm.com/exploits/311
Managed to get the success message from a couple
Just wondering if it's actually possible to login, if so how?
My local version also succeeded,
So I am wondering how I login via this exploit without typing in my password.
Thanks for your advice!
BlaxeNet |
|
|
|
|
|
|
|
|
Posted: Sun Jun 24, 2007 7:52 am |
|
|
blaxenet |
Active user |
|
|
Joined: Jun 20, 2007 |
Posts: 26 |
|
|
|
|
|
|
|
After some poking around I found that there is current no publicly known way to gain access using this exploit if the server has succeeded.
Apparently it was created to test the security of your MySQL installation, even if that was the case the person who found the exploit should know the way in
I might be wrong in saying this,
But I was reading an article that majority of the MySQL clients will ask you for a password before allowing you access to the databases ect.
If you don't enter in a password it will in shorter explanation reject your password before verifying it with the database to prevent things like this happening.
Will keep poking around though! |
|
|
|
|
|
|
|
|
Posted: Sun Jun 24, 2007 2:10 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
This PoC relates to:
http://www.nextgenss.com/advisories/mysql-authbypass.txt
It gives you the possibility to have root privileges on mysql servers without knowing password. So this proof of concept exploit must be rewritten in order to do something useful, for example adding new root-privilieged account to mysql. And after that just log in as root and use mysql file-related functions to read and/or write arbitrary files to target server.
By the way, this bug is really old, you have hard time to find exploitable targets right now @ 2007. But you can try all the hackings on your local test computer with mysql vulnerable version installed. |
|
|
|
|
|
|
|
|
Posted: Sun Jun 24, 2007 2:37 pm |
|
|
blaxenet |
Active user |
|
|
Joined: Jun 20, 2007 |
Posts: 26 |
|
|
|
|
|
|
|
waraxe wrote: | By the way, this bug is really old |
I was expecting a reply with that!
Although I have got a list of servers that are vulnerable to this
I'll certainly add testing this vulnerable version to my 'to do' list!
Thanks Waraxe! |
|
|
|
|
Posted: Tue Feb 15, 2011 9:29 am |
|
|
Frenkie |
Advanced user |
|
|
Joined: Nov 10, 2008 |
Posts: 60 |
|
|
|
|
|
|
|
Anyone have modified mysql client to connect for testing this security flaw. ?? |
|
|
|
|
www.waraxe.us Forum Index -> MySql
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|