Video PoC Exploit for the MySQL / MariaDB / Percona vulnerabilities
Discovered by Dawid Golunski
The video shows the ease of exploitation of the race condition vulnerability CVE-2016-6663 on MySQL / MariaDB / Percona databases,
despite the seemingly short time window in which the unsafe file operations performed by the affected databases can be taken advantage of.
In the video, the race is exploited on each of the target databases (MySQL, MariaDB, Percona) in turn, i.e. the CVE-2016-6663 exploit is
run 3 times against 3 different deployments.
It shows that it typically takes no more than a few seconds to exploit the vulnerability and gain a 'mysql' system shell.
From there an attacker could escalate to the root system account via the CVE-2016-6664 vulnerability, as demonstrated on the last target
in the video (Percona). Alternatively, they could use the previously published root exploit for CVE-2016-6662 (not shown/used in the video).
In the presented scenario, the attacker gains access to the target systems via a vulnerable web application (a vulnerable file upload feature).
The vulnerability could be exploited even more easily in a shared hosting environment (multiple databases hosted on the same server), where
an attacker would already have access to the system.
More information on all of these issues can be found in the respective advisories published on
https://legalhackers.com
Thanks for watching
To receive updates on these as well as new vulnerabilities
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~