Nmap Development mailing list archives
Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22
From: Martin Holst Swende <martin () swende se>
Date: Mon, 11 Jun 2012 12:53:38 +0200
Hi, First I got this error using nmap 6.00: NSE: 'mysql-vuln-cve2012-2122' (thread: 0x1ff2e80) against 127.0.0.1:3306 threw an error! /usr/local/bin/../share/nmap/nselib/strict.lua:65: variable 'formatResultset' is not declared stack traceback: [C]: in function 'error' /usr/local/bin/../share/nmap/nselib/strict.lua:69: in function </usr/local/bin/../share/nmap/nselib/strict.lua:60> /usr/local/bin/../share/nmap/nselib/strict.lua:65: in function </usr/local/bin/../share/nmap/nselib/strict.lua:60> mysql-vuln-cve2012-2122.nse:136: in function <mysql-vuln-cve2012-2122.nse:80> (tail call): ? After updating, everything worked fine! Good work. A question regarding the categories : unless account lockout after a number of tries is enabled, this could go in the "safe" category, right? As I understand it, account lockout is not a feature in MySql (but available as a plugin), so maybe this could be "safe" aswell? Regards, Martin On 06/11/2012 10:45 AM, Paulino Calderon wrote:
After testing from a remote connection I realized the iteration counter needed to be way bigger. I also left additional debug messages that were added when troubleshooting. Cheers. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Aleksandar Nikolic (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Patrik Karlsson (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Martin Holst Swende (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Ron (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 David Fifield (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 12)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)