Abusing? MySQL 3.23.28-gamma

["Arturo \"Buanzo\" Busleiman" <buanzo () buanzo com ar>]

Hi everybody.

I was contracted by an enterprise to conduct a simple pentest, and I came
across a really stupid MySQL installation: fully accesable from the outside
and a really sillu user/password combination (user=pass......).

I need to demonstrate not only the capability to drop databases and modify
data, but to execute system commands and/or get files not accesable via
web-server. I've thought of creating a table specifically designed to load
infile /etc/passwd, for example, but I didn't like this approach after
thinking about it for a nanosecond :)

Any ideas?

BTW, I searched the BID but nothing interesting showed up.

Thank you!

bye.....

Arturo "Buanzo" Busleiman
Linux USERS, MP Ediciones
Moderador de Seguridad () alipso com
Gerente de Sistemas y Seguridad de Turcin y asociados
http://www.turcin.com.ar
Come visit my personal site (Spanish) http://www.buanzo.com.ar

> > INFUSION Rock-Alternativo: http://www.infusionalternativa.com.ar



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/