Video PoC Exploit for the MySQL / MariaDB / Percona vulnerabilities:


* CVE-2016-6663 / CVE-2016-5616 - Privilege Escalation via Race Condition

* CVE-2016-6664 / CVE-2016-5617 - Root Privilege Escalation


Discovered by Dawid Golunski



The video shows the ease of exploitation of the race condition CVE-2016-6663 vulnerability on MySQL / MariaDB / Percona databases despite a seemingly short time window to take advantage of the unsafe file operations performed by the affected databases.
In the video, the race gets exploited on each of the target databases (MySQL/MariaDB/Percona) in turn (i.e. the CVE-2016-6663 exploit is run 3 times on 3 different deployments). It shows that it typically does not take more than a few seconds to exploit the vulnerability and gain 'mysql' system shell.

From there an attacker could escalate to root system account due to CVE-2016-6664 vulnerability as presented on the example of the last target in the video (Percona). Alternatively they could use the previously published root exploit for CVE-2016-6662 vuln (not shown/used in the video).

In the presented scenario, an attacker gains access to the target systems via a vulnerable web application (vulnerable File Upload feature). The vulnerability could be exploited even more easily in a shared hosting environment (multiple databases hosted on the same server) in which they would already have access to the system.

More information on all of these issues can be found in the respective advisories published on

https://legalhackers.com





Thanks for watching


To receive updates on these as well as new vulnerabilities







<-- BACK TO legalhackers.com