Penetration Testing mailing list archives
Re: MySQL compromise
From: Marco Ivaldi <raptor () mediaservice net>
Date: Tue, 15 Jan 2008 11:24:57 +0100 (ora solare Europa occidentale)
Clone, On Tue, 8 Jan 2008, Laszlo KLOCK wrote:
Hi! It's possible with mysql UDF-s, like this one: http://www.0xdeadbeef.info/exploits/raptor_udf.c
On newer MySQL releases (starting from 4.1.10a and 4.0.24), you should use this instead:
http://www.0xdeadbeef.info/exploits/raptor_udf2.cIf your target MySQL is running on Windows, you'll probably be able to use this pre-packaged reverse shell and command execution UDF backdoor:
http://www.0xdeadbeef.info/exploits/raptor_winudf.tgz Cheers, -- Marco Ivaldi, OPST Chief Security Officer Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- MySQL compromise Clone (Jan 08)
- Re: MySQL compromise Josh Miller (Jan 09)
- Re: MySQL compromise Jon Hart (Jan 10)
- Re: MySQL compromise pentestr (Jan 10)
- Re: MySQL compromise Gleb Paharenko (Jan 09)
- Re: MySQL compromise Claudio Criscione (Jan 09)
- Re: MySQL compromise Laszlo KLOCK (Jan 09)
- Re: MySQL compromise Marco Ivaldi (Jan 15)
- Re: MySQL compromise Kelly Keeton (Jan 09)
- Re: MySQL compromise Josh Miller (Jan 09)