Penetration Testing mailing list archives

Re: [PEN-TEST] Mysql version utility

From: Jonathan Leto <jonathan () leto net>
Date: Sun, 29 Oct 2000 18:55:17 -0500

After ten "telnet 3306" you will be denied acces until they
do a flush hosts because it is an invalid connect . Doesn't
really matter, but for testing it is a pain in the ass.
Also, you wouldn't know the protocol version.


 Jacob Martinson (jmartinson () aperian com) was saying:

why not just telnet to port 3306?

-jacob

-----Original Message-----
From: Jonathan Leto [mailto:jonathan () LETO NET]
Sent: Sunday, October 29, 2000 3:33 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Mysql version utility

Hello all, I wrote a small utility to find out the version of mysql on a
remote server.

From some testing that I did, a lot of webhosting companies do not block the

outside
world from the mysql port, which is generally a bad thing. Most of them were
running
old versions with the single character password vulnerability.


http://www.leto.net/code/yoursql-0.3.tar.gz


--
jonathan () leto net
"With pain comes clarity."


--
jonathan () leto net
"With pain comes clarity."

Current thread:

[PEN-TEST] Mysql version utility Jonathan Leto (Oct 31)
- <Possible follow-ups>
- Re: [PEN-TEST] Mysql version utility Jacob Martinson (Oct 31)
  - Re: [PEN-TEST] Mysql version utility Jonathan Leto (Oct 31)
- Re: [PEN-TEST] Mysql version utility Jacob Martinson (Oct 31)
  - Re: [PEN-TEST] Mysql version utility Ted Behling (Oct 31)