CVE-2016-6662 PoC — Oracle MySQL 远程代码执行漏洞/提权漏洞

Source

https://github.com/MAYASEVEN/CVE-2016-6662

Associated Vulnerability

Title:Oracle MySQL 远程代码执行漏洞/提权漏洞 (CVE-2016-6662)
Description:Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。 Oracle MySQL中的配置文件（my.cnf）存在远程代码执行漏洞。攻击者（本地或远程）可通过授权访问MySQL数据库（网络连接或类似phpMyAdmin的Web接口）或SQL注入方式，利用该漏洞向配置文件中注入恶意的数据库配置，导致以root权限执行任意代码，完全控制受影响的服务器。以下版本受到影响:Oracle MySQL 5.5.52及之前的版本，5.6.x

Description

From SQL injection to root shell with CVE-2016-6662 by MaYaSeVeN

Readme

# CVE-2016-6662
From SQL injection to root shell with CVE-2016-6662 by MaYaSeVeN
Proof of Concept: https://www.youtube.com/watch?v=lyc7GFE3q2U

File Snapshot


 [4.0K]  /data/pocs/99781f1601b1dee9f89e643bfe48e3f50271a212
├── [6.4K]  From SQL injection to root shell.py
├── [3.6K]  mysql_hookandroot_lib.c
├── [9.6K]  mysql_hookandroot_lib.so
└── [ 143]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!