Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: MySQL compromise
From: Marco Ivaldi <raptor () mediaservice net>
Date: Tue, 15 Jan 2008 11:24:57 +0100 (ora solare Europa occidentale)

Clone,

On Tue, 8 Jan 2008, Laszlo KLOCK wrote:

Hi!

It's possible with mysql UDF-s, like this one:
http://www.0xdeadbeef.info/exploits/raptor_udf.c

On newer MySQL releases (starting from 4.1.10a and 4.0.24), you should use this instead:

http://www.0xdeadbeef.info/exploits/raptor_udf2.c

If your target MySQL is running on Windows, you'll probably be able to use this pre-packaged reverse shell and command execution UDF backdoor:

http://www.0xdeadbeef.info/exploits/raptor_winudf.tgz

Cheers,

--
Marco Ivaldi, OPST
Chief Security Officer    Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]