Oracle MySQL UDF Payload Execution

Posted by deepcore on December 23, 2017 – 3:23 am

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT … into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL versions 5.5.9 and below, directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://division5.immigration.go.th/README.txt eBPF Arbitrary Read/Write Via Incorrect Range Tracking »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Oracle MySQL UDF Payload Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL