Oracle MySQL on Linux suffers from a heap overrun vulnerability.
aa61b4faa2cc9c52276bbcea35e5861199148c06c5182c06981f429b55af2c0e
Oracle MySQL versions 5.1 and 5.5 remote Windows SYSTEM level exploit.
f3023f8e5dad3f5eb619145479b0d58584e658bc580c2f13e14122becac5c7b0
MySQL Squid Access Report version 2.1.4 suffers from an html injection vulnerability.
9ef08e7e97feb92f78a981eb4bf8bf5381847ef326753e6e48890bc57bb3df6e
MySQL remote root authentication bypass exploit.
fa8a07437a078edcac9f7f432c70a04cd4fc7c1f42f36d254d4fa9efe0c46b18
MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities.
e6b0a6d0eb5642150f170e010552ff83ed91020020af670d6d374c55c6a6add5
MySQL version 5.5.8 remote denial of service proof of concept exploit.
e47dc3eb176f47a4d695cb60327c8ceca93506e42b7b61b174b504ddbbd485fd
MySQL.com suffered from a remote blind SQL injection vulnerability.
c12cb947f8d7991ebab12da7bd232f56b1ba2144aa99196a42cfff37298a17fb
This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... INTO DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL (<= 5.5.9), directory write permissions are not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.
f8fac6ece5e7759e092fdf7d42b1c758a65c1c18f72811b790103380f29a9be0
Whitepaper called Advanced MySQL Exploitation.
eeed1189d006c0343e26e681e5c40d6acc19a93e76346607fc677f073a104192
This is a short tutorial called MySQL Injection - Simple Load File and Into OutFile.
6866aa8f28dcac6458750046b3125a824fcea99b3aedbddd27f63076b1098e76
Whitepaper on MySQL Injection.
47f2ac228809e1ca8b66fa4d0e2d9a834001be7702c8081a84dd3e6aa422e3fc
Whitepaper called MySQL Injection Tutorial. Written in Portuguese.
0df4af51e4285ae2d4430f8a8cdfd67da28e3b64df5895574861a008661dad06
This Metasploit module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside ./taocrypt/src/asn.cpp. However, the stack buffer that is written to exists within a parent function stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with MySQL on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL.
868f484555ca4e2ef05eee6be5d7e2e2ec89c6ff75cf71a830c02560e0887213
This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.
8b56d9e271eea43f1c56b4b45991c680b198e3681ff3e9ad94e03dd50625addc
This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL versions 6.0 and below. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.
06f5a48bebc46ac67880ab01c20b9c8364bb1d058a880b53cb7c21ec66b5eedf
Brief whitepaper discussing SQL injection in MySQL. Written in Indonesian.
19938f7e92bbeb6464cfd177e05a082c218aaa070c80f9de4fbf08073411fca5
MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute Metasploit shellcodes through the MySQL SQL Injection vulnerabilities.
97e06597309a5714f14fba6fa3ea6ae49105d79129f7455ebc3be206b0cab04a
MySQL version 5.0.45 suffers from a format string vulnerability. Proof of concept demonstration code is provided.
2d52aab1c12be86bae2773c2634920d09db2b48caae9a13142cc7e61c1976c38
Whitepaper called MySQL: Secure Web Apps - SQL Injection Techniques.
0930f3a77eb458da8c9b9a814769e7cd4e1235ac3871a8c0be819bd5167283ff
MySQL double SHA1 hash wordlist brute forcer written in Python.
afcfbc5a783d545c8a6a3404d7e232dda3fe4597586a7315883e33e42402ab41
MySQL version 3.23 hash wordlist cracking utility written in Python.
6773da8b007a1b761b04d1a7a42a40337d23fcb1d34eec0641e2de2c5c59273f
MySQL version 5 hash wordlist cracking utility written in Python.
bece4dda62e10bba5c85577081a3cd915d714d07556356d223bf79971820a267
MySQL Quick Admin version 1.5.5 suffers from a local file inclusion vulnerability.
634617d7adea7453287a9ccd2c0ea33899100d0b0389c13bc8bdff9f194fd174
Quick little MySQL fuzzing utility that creates sockets and fuzzers on the fly.
15405e4927cb4b5b834139904c6fa76a7c7a2d33cfddb4d8878f3376b025779e
MySQL Quick Admin versions 1.5.5 and below suffer from a local file inclusion vulnerability.
2ad181de80cb9d0e27584a64dc336c408fb7f7b8cfa161472744ed4f4cf83315
Short write-up discussing MySQL character set truncation vulnerabilities.
1553a1e8d1d0ff34395194b38aa66753f806fd86e6b26acf190557782c16897b