CVE-2021-2471 PoC — Oracle MySQL 输入验证错误漏洞

Source

https://github.com/cckuailong/CVE-2021-2471

Associated Vulnerability

Title:Oracle MySQL 输入验证错误漏洞 (CVE-2021-2471)
Description:Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

Readme

# CVE-2021-2471 maven环境

[复现过程here](https://mp.weixin.qq.com/s?__biz=MzkwNDI1NDUwMQ==&mid=2247484645&idx=1&sn=e2c07a74dae39ab1bc5fb20ad9e586bd&chksm=c08881aff7ff08b9568d3cc10a983c03b174b33a53def432680401dd95f1a1a975c90c5319c8&token=1980528316&lang=zh_CN#rd)




参考环境：https://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe

File Snapshot


 [4.0K]  /data/pocs/9e9a2ca5813a70be4591ee6f7b9dcec0a8a71087
├── [  80]  jdbc-xxe.iml
├── [2.3K]  pom.xml
├── [ 346]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   ├── [ 657]  MySQLConnectorJFactory.java
        │   └── [ 993]  OracleJDBC.java
        └── [4.0K]  webapp
            ├── [  52]  index.jsp
            └── [4.0K]  WEB-INF
                └── [ 215]  web.xml

5 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!