CVE-2012-5613 PoC — Oracle MySQL Misconfiguration Vulnerability

Source
Associated Vulnerability
Title: Oracle MySQL Misconfiguration Vulnerability (CVE-2012-5613)
Description: MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
Readme
MySQL-Fu.rb
===========

MySQL-Fu is a Ruby-based MySQL client script I wrote.

It does most of the things a normal MySQL client might do: SQL shell, update/delete/drop database/table, add/delete users, dump database(s)/table with an option for gzip, and so on.

It also adds a few extra options to make life a little easier for pentests.

It includes several built-in PHP command shell options as well as Pentestmonkey's PHP Reverse Shell, in addition to multiple options for file writing and reading (all files read are logged locally for later offline analysis). It also includes a Ruby port of Kingcope's CVE-2012-5613 Linux MySQL Privilege Escalation Exploit.
File Snapshot

[4.0K] /data/pocs/6f95f14ec20faa7abf02472ef6ff46ac831b06d2
├── [ 71K] MySQL-Fu.rb
├── [ 634] README.md
└── [2.3K] usage.txt

0 directories, 3 files