Re: Abusing? MySQL 3.23.28-gamma
From: rudi carell (rudicarell@hotmail.com)
Date: 09/25/01
From: "rudi carell" <rudicarell@hotmail.com>
To: buanzo@buanzo.com.ar, pen-test@securityfocus.com
Subject: Re: Abusing? MySQL 3.23.28-gamma
Date: Tue, 25 Sep 2001 08:40:17
Message-ID: <F53C98Bi89QtpfTYSl100007238@hotmail.com>
Hello,
This should work on most systems.
If it does not work, you should try to find a more privileged user-account.
1) Create a new table "name" with one huge character or text field;
2) Insert your favourite string .. INSERT INTO name VALUES("whatever you want");
3) Select above into file .. SELECT * FROM name INTO OUTFILE '/dir/file.ext';
If you have a web-server running on the same machine it should be possible to create a server-side script (asp, php, ssi or similar) for your intention.
If this specific account is not allowed to use "INTO OUTFILE" try to escalate the privs.
rc
security@freefly.com
http://www.freefly.com/security/
>Hi everybody.
>I need to demonstrate not only the capability to drop databases and modify
>data, but to execute system commands and/or get files not accessible via
>web-server.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
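
A defender-side check for the file-write step described in the message above, as an added example that is not part of the original post: it scans query-log lines for SELECT ... INTO OUTFILE (and the related INTO DUMPFILE clause, which the post does not mention) and rates writes that land under a web root or carry a server-side script extension. The web-root paths, extension list, function name and log lines are constructed assumptions.

```python
import posixpath
import re

# Assumptions for this example: directories served by the web server and
# extensions that server would execute. Adjust to the host being reviewed.
WEB_ROOTS = ("/var/www", "/usr/local/apache/htdocs")
SCRIPT_EXTS = {".php", ".asp", ".shtml", ".jsp", ".cgi"}

# SELECT ... INTO OUTFILE 'path' / INTO DUMPFILE 'path', either quote style.
OUTFILE_RE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])(.+?)\2", re.I | re.S)


def find_file_writes(log_lines, web_roots=WEB_ROOTS, script_exts=SCRIPT_EXTS):
    """Return one finding per statement that writes query output to a file."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        for match in OUTFILE_RE.finditer(line):
            # Normalise so '/var/www/html/../html/x.php' cannot dodge the prefix test.
            path = posixpath.normpath(match.group(3))
            reasons = []
            if any(path == r or path.startswith(r.rstrip("/") + "/") for r in web_roots):
                reasons.append("under web root")
            if posixpath.splitext(path)[1].lower() in script_exts:
                reasons.append("server-side script extension")
            findings.append({
                "line": lineno,
                "clause": match.group(1).upper(),
                "path": path,
                # Any file write by the database account deserves a look;
                # one into executable web content is the urgent case.
                "severity": "high" if reasons else "review",
                "reasons": reasons,
            })
    return findings


# Constructed sample lines in the style of a MySQL general query log.
SAMPLE_LOG = [
    "010925  8:40:17      12 Query       SELECT id FROM orders WHERE id = 7",
    "010925  8:40:19      12 Query       SELECT * FROM name INTO OUTFILE '/var/www/html/../html/file.php'",
    "010925  8:41:02      15 Query       select * from report into outfile \"/tmp/report.csv\"",
]

if __name__ == "__main__":
    for f in find_file_writes(SAMPLE_LOG):
        print(f"line {f['line']}: {f['clause']} -> {f['path']} [{f['severity']}] {', '.join(f['reasons'])}")
```
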