Penetration Testing mailing list archives
Re: MySQL compromise
From: "Laszlo KLOCK" <laci.klock () gmail com>
Date: Tue, 8 Jan 2008 18:23:04 +0100
Hi! It's possible with mysql UDF-s, like this one: http://www.0xdeadbeef.info/exploits/raptor_udf.c On 1/4/08, Clone <c70n3 () yahoo co in> wrote:
Hello guys, I'm doing a pen-test. I have compromised a remote mysql server ver 4.x doing password cracking. Is there anything I can do like xp_cmdshell in MSSQL to run OS or network commands? Is there a way to compromise their internal network from here? Clone Save all your chat conversations. Find them online at http://in.messenger.yahoo.com/webmessengerpromo.php ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- Udv. klaci "Life's unfair - but root password helps!" ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- MySQL compromise Clone (Jan 08)
- Re: MySQL compromise Josh Miller (Jan 09)
- Re: MySQL compromise Jon Hart (Jan 10)
- Re: MySQL compromise pentestr (Jan 10)
- Re: MySQL compromise Gleb Paharenko (Jan 09)
- Re: MySQL compromise Claudio Criscione (Jan 09)
- Re: MySQL compromise Laszlo KLOCK (Jan 09)
- Re: MySQL compromise Marco Ivaldi (Jan 15)
- Re: MySQL compromise Kelly Keeton (Jan 09)
- Re: MySQL compromise Josh Miller (Jan 09)