Abusing? MySQL 3.23.28-gamma

From: Arturo "Buanzo" Busleiman (buanzo@buanzo.com.ar)
Date: 09/24/01


Message-ID: <001301c1450f$9e247560$83702ac8@fbi>
From: "Arturo \"Buanzo\" Busleiman" <buanzo@buanzo.com.ar>
To: <pen-test@securityfocus.com>
Subject: Abusing? MySQL 3.23.28-gamma
Date: Mon, 24 Sep 2001 12:43:06 -0300

Hi everybody.

I was contracted by an enterprise to conduct a simple pentest, and I came
across a really stupid MySQL installation: fully accessible from the outside
and a really silly user/password combination (user=pass......).

I need to demonstrate not only the capability to drop databases and modify
data, but to execute system commands and/or get files not accessible via
web-server. I've thought of creating a table specifically designed to load
infile /etc/passwd, for example, but I didn't like this approach after
thinking about it for a nanosecond :)

Any ideas?

BTW, I searched the BID but nothing interesting showed up.

Thank you!

bye.....

Arturo "Buanzo" Busleiman
Linux USERS, MP Ediciones
Moderador de Seguridad@alipso.com
Gerente de Sistemas y Seguridad de Turcin y asociados
http://www.turcin.com.ar
Come visit my personal site (Spanish) http://www.buanzo.com.ar

>> INFUSION Rock-Alternativo: http://www.infusionalternativa.com.ar

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


