Christmas is coming and Santa brought us an interesting new vulnerability in another database system: today it's the turn of one of the most widespread and widely used RDBMSs, MySQL.
MySQL 5 is in fact prone to a remote command execution vulnerability.
This vulnerability has been tested on Linux, with MySQL versions 5.0.45 and 5.0.51, the latest one.
This is a pre-authentication vulnerability, so you won't even need a valid username and password, only a GRANT from your IP on the database to let the connection start.
As with all database software, you won't find many MySQL servers exposed on the Internet, while they can be very common on a Local Area Network.
Also, MySQL is often used in web application development, so most (all?) of the web hosting providers sell access to the MySQL server together with the web space.
By exploiting this vulnerability you will be able to access the content of all the databases present on the DBMS without needing a local privilege escalation, since the files on the filesystem containing the database data are owned by the same user that runs MySQL.
If you buy this vulnerability you will receive a fully working PoC and all the technical details.
Of course, for further information don't hesitate to contact us via e-mail, and if you want to make a bid on the vulnerability, do it here.
12/19/2007
Focus On: MySQL remote code execution
Posted by WabiSabiLabi Staff at 5:24 PM