what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 77 RSS Feed

Files

MySQL 5.0.x Denial Of Service
Posted Dec 5, 2013
Authored by Neil Kettle

MySQL version 5.0.x suffers from an IF query handling remote denial of service vulnerability.

tags | exploit, remote, denial of service
advisories | CVE-2007-2583, OSVDB-34734
SHA-256 | fbd9482c8025c99f1db3846350ceee2b43d7498a1499d6e009ebd5dfd16c551d

Related Files

mysql-injection-newbies.txt
Posted Sep 3, 2008
Authored by SAM207

A tutorial written for newbies who wants to explore the m4d l33t world of SQL injection and have yet to even learn basic SQL commands.

tags | paper, sql injection
SHA-256 | c0a7f60cb48c9552397f1e532902b4520e369df3e949149b7d57db9e5e391b32
mysql_injection.pdf
Posted Jul 23, 2008
Authored by ka0x

Whitepaper discussing techniques for MySQL related SQL injection. Written in Spanish.

tags | paper, sql injection
SHA-256 | ee7e900283cc996a8c28c40c5884ac9c44ab2146723cc1d4733f97b3eed84f6d
mysqlo.zip
Posted Jan 5, 2008
Authored by Luigi Auriemma | Site aluigi.org

MySQL versions 6.0.3 and below pre-auth buffer overflow exploit that makes use of a vulnerability in yaSSL versions 1.7.5 and below.

tags | exploit, overflow
SHA-256 | 6dddbaba583b74f876426765e5ffcafc955183ca4dd0383b80ec714ed62e2285
mysqldumper-bypass.txt
Posted Jul 7, 2007
Authored by Henning Pingel, Lars Houmark

MySQLDumper suffers from a vulnerability access control set by Apache can be bypassed. MySQLDumper 1.23_pre_release_REV227, MySQLDumper 1.22, MySQLDumper 1.21b, and MySQLDumper Typo3-Extension 0.0.5 are affected.

tags | advisory, bypass
SHA-256 | e1fd27940c995a2c6095123f4bcba8081c0d55febd1d9cfa0a174b90a4b4cd62
MysqlDumper-1.21.txt
Posted Oct 17, 2006
Authored by Crackers_Child | Site sibersavacilar.com

MysqlDumper 1.21 suffers from cross site scripting in sql.php.

tags | exploit, php, xss
SHA-256 | a7355bebc2633b364ca0521ed3b214ce94a5383bc1e99d107f0eaeadceae1024
mysql_error.txt
Posted Oct 2, 2006
Authored by DarkFig | Site acid-root.new.fr

The mysql_error() function in php versions less than or equal to 4.4.4 and 5.1.6 can be used to conduct cross site scripting attacks.

tags | advisory, php, xss
SHA-256 | f4830cd8ef61eade1008ac84377a1498c2eca77d9dbe3e0ac01f416cdcbe05fe
mysqlExec.txt
Posted May 5, 2006
Authored by Stefano Di Paola | Site wisec.it

MySQL server versions 5.0.20 and below suffer from information leakage and arbitrary command execution flaws.

tags | advisory, arbitrary
SHA-256 | 73926f323fd235433143abd52ed6b9430e45c62875f010bf2cd9188857a7813d
mysqlLeak.txt
Posted May 5, 2006
Authored by Stefano Di Paola | Site wisec.it

MySQL server versions 4.1.18 and below and 5.0.20 and below suffer from an information leakage issue.

tags | advisory
SHA-256 | eb1d10694aff57e15a622b021c3784bf24605040a4da6933d54eafaa3b59792c
mysql-miner.pl
Posted Apr 12, 2006
Authored by amat

A perl script that automates the process of guessing MySQL tables through SQL injection by first determining the number of arguments in the SELECT statement and then brute forcing table names from a word list.

tags | perl, sql injection
systems | unix
SHA-256 | fdd14b591b7c68ba2d74637bacb8793812b3b32f62eef68d828062124764aa02
mysql5018.txt
Posted Mar 2, 2006
Authored by 1dt.w0lf | Site rst.void.ru

MySQL versions 5.0.18 and below suffer from a query logging bypass flaw.

tags | advisory
SHA-256 | 7e1967516440d73fa1a3f10d68c0811102cd228516f451ad259cb74d246b3c24
mysql-4x50.c
Posted Feb 26, 2006
Authored by Marco Ivaldi

Local privilege escalation exploit for MySQL 4.x and 5.0 that makes use of UDFs.

tags | exploit, local
SHA-256 | 259ac0290dd0e3e004ce1a3a8f637fde8c686703359f1c60679c5a45b6988645
mysql-05172005.txt
Posted Aug 14, 2005
Authored by Eric Romang

MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.

tags | advisory, local, sql injection
SHA-256 | a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131
mysqlEventum.txt
Posted Aug 5, 2005
Authored by James Bercegay | Site gulftech.org

MySQL AB Eventum versions 1.5.5 and below suffer from cross site scripting and SQL injection attacks.

tags | exploit, xss, sql injection
SHA-256 | 486b62670eba7e416965890cfa7d6c70e4ce802a5432ee1a9a47b3799b7d5e9d
mysqlDoS.txt
Posted Mar 22, 2005
Authored by Luca Ercoli

MySQL versions 4.1.x, 4.0.x, and 5.0.x are all susceptible to a denial of service attack due to a problem with handling device names.

tags | advisory, denial of service
SHA-256 | e7b0f006e157c78b597991a04a36c0cebb80da3406e01d2ed57a7bd477e1bf1f
mysqlCreatelibc.txt
Posted Mar 15, 2005
Authored by Stefano Di Paola | Site wisec.it

If an authenticated user has INSERT and DELETE privileges on an mysql administrative database, it is possible, by using the CREATE FUNCTION command, to take advantage of functions from libc in order to gain mysql user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.

tags | advisory
SHA-256 | 05ae9e22a0591885b9e526aefabcc601ce81851c4dcec3496411367507e6bb0a
mysqlCreateinject.txt
Posted Mar 15, 2005
Authored by Stefano Di Paola | Site wisec.it

If an authenticated user has INSERT and DELETE privileges on a mysql administrative database, it is possible to use a library located in an arbitrary directory using the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.

tags | advisory, arbitrary
SHA-256 | b6cd1438080f20142c162f5f1c30010bcc56c15eeb9a45e72e51b6759e1dc41f
MySQLguest.txt
Posted Sep 21, 2004
Authored by BliZZard

MySQLguest from AllWebscripts is vulnerable to an HTML injection flaw that is exposed via the entry submitting form due to a lack of proper sanitization.

tags | advisory
SHA-256 | adff55a9298359f4f057edc112d12bbf74c373c97e76c2d43184798b9bc21eec
mysql.authentication.bypass_client.c.diff
Posted Jul 8, 2004
Authored by bambam

A .diff file, applied to the MySQL 5.0.0-alpha source distribution will allow building a MySQL client that can be used to connect to a remote MySQL server with no password.

tags | exploit, remote
SHA-256 | 576c8349f99ca721889a85397e1a11e6091d306a88102e339b9bede903f555e3
MySQL.fingerprint.txt
Posted Feb 23, 2004
Authored by Tonu Samuel

Small write-up discussing methodology for fingerprint the type of MySQL database being used when exploiting SQL injection vulnerabilities.

tags | paper, vulnerability, sql injection
SHA-256 | 7b6c08f5a021bb61015822055f311d65f7fed8629c8880058789c73e4bb31bb8
mysqlpriv.txt
Posted Sep 13, 2003
Authored by Frank Denis | Site secunia.com

Secunia Research Advisory - A vulnerability in MySQL version 4.0.14 and below, due to a boundary error when checking passwords before hashing and storing them in the User table, can be exploited by malicious users to escalate their privileges via supplying a value longer than 16 characters using set password.

tags | advisory
SHA-256 | b38050cc8622e8b30bee6fe74ad079fbb83abe828e36d3b629f1c530345f520d
mysqlsuite.tgz
Posted Jan 4, 2003
Authored by dreyer

Mysqlsuite includes three tools which take advantage of the vulnerability in check_scramble() function of mysql described in mysql.4.0.5a.txt. Mysqlhack allows remote command execution with a valid mysql user and pass. Mysqlgetusers allows you do a dictionary login-only attack to find other users. Mysqlexploit spawns a shell on port 10000 on vulnerable linux mysql servers with a valid mysql login and pass and writable database. Fixed in Mysql v3.23.54.

tags | exploit, remote, shell
systems | linux
SHA-256 | 5c2113bbb28fb3db28e5790a86c03b3c83871154d3a6e756b9d3bbcc18b27f48
mysql.4.0.5a.txt
Posted Dec 14, 2002
Authored by Stefan Esser | Site security.e-matters.de

The MySQL database versions <= 3.23.53a and <= 4.0.5a contains local and remote vulnerabilities allowing remote attackers to bypass the MySQL password check and execute arbitrary code with the privileges of the user running mysqld. An arbitrary size heap overflow within the mysql client library and another vulnerability which allows '\0' to be written to any memory address allow DOS attacks against or arbitrary code execution within anything linked against libmysqlclient.

tags | advisory, remote, overflow, arbitrary, local, vulnerability, code execution
SHA-256 | b385bbffd26b7aac37dec468afd6558f47557fa4ccb25456b032f8f0f3e77828
mysqlfuck.c
Posted Aug 18, 2002
Authored by g0thm0g

MySQL is an open-source database produced by MySQL AB. MySQL AB provides binaries for the Windows platform which run out-of-the-box. However, the default configuration for these binaries leave MySQL wide open to attack in a number of ways: A null root password, a non-loopback-bound server, and no logging. Included in this advisory is source to demonstrate an attack using this information.

tags | tool, root
systems | windows, unix
SHA-256 | fe702c187a158be2974aa60ea624583d2e8944d1724d9566be580a09e054e03c
mysqlpassword.c
Posted Apr 9, 2001
Authored by Chris Given

MySQL brute force password cracker - Uses a dictionary attack against an encrypted mysql password.

tags | cracker
SHA-256 | d2d6a3f7496ba65f94690c6000b5539d0e0594cd880324e8e20d6d1758ca616f
mysql.txt
Posted Feb 10, 2000
Authored by Emphyrio

There exists a vulnerability in the password checking routines in the latest versions of the MySQL server, that allows any user on a host that is allowed to connect to the server, to skip password authentication, and access databases. All versions of MySQL up to 3.22.26a are vulnerable.

tags | exploit
SHA-256 | 5f5a4fb2100d5e175dc80ad904c3a600382a5f0b6c8153e8084244e2328cedac
Page 3 of 4
Back1234Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close