CVE-2016-6662 PoC — Oracle MySQL 远程代码执行漏洞/提权漏洞

Source

https://github.com/KosukeShimofuji/CVE-2016-6662

Associated Vulnerability

Title:Oracle MySQL 远程代码执行漏洞/提权漏洞 (CVE-2016-6662)
Description:Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。 Oracle MySQL中的配置文件（my.cnf）存在远程代码执行漏洞。攻击者（本地或远程）可通过授权访问MySQL数据库（网络连接或类似phpMyAdmin的Web接口）或SQL注入方式，利用该漏洞向配置文件中注入恶意的数据库配置，导致以root权限执行任意代码，完全控制受影响的服务器。以下版本受到影响:Oracle MySQL 5.5.52及之前的版本，5.6.x

Description

research CVE-2016-6662

File Snapshot


 [4.0K]  /data/pocs/5fa4d5ed1e6e37374cf66fe162b08a154943a3ac
└── [4.0K]  ansible
    ├── [ 165]  ansible.cfg
    ├── [ 261]  development
    ├── [4.0K]  group_vars
    │   └── [   4]  all.yml
    ├── [4.0K]  host_vars
    │   ├── [  74]  attacker.test
    │   └── [  99]  scapegoat.test
    ├── [   0]  production
    ├── [4.0K]  roles
    │   ├── [4.0K]  common
    │   │   └── [4.0K]  tasks
    │   │       └── [1.2K]  main.yml
    │   ├── [4.0K]  login_user
    │   │   ├── [4.0K]  files
    │   │   │   ├── [1.2K]  _bashrc
    │   │   │   └── [6.1K]  _vimrc
    │   │   └── [4.0K]  tasks
    │   │       └── [1.7K]  main.yml
    │   ├── [4.0K]  mysql
    │   │   ├── [4.0K]  tasks
    │   │   │   └── [ 383]  main.yml
    │   │   └── [4.0K]  templates
    │   │       └── [ 115]  my.cnf
    │   ├── [4.0K]  python
    │   │   └── [4.0K]  tasks
    │   │       └── [1.2K]  main.yml
    │   └── [4.0K]  ruby
    │       └── [4.0K]  tasks
    │           └── [1.1K]  main.yml
    ├── [  14]  site.retry
    ├── [ 240]  site.yml
    ├── [   0]  stage
    └── [ 600]  Vagrantfile

16 directories, 18 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!