CVE-2021-2471 PoC — Oracle MySQL 输入验证错误漏洞

Source

https://github.com/cckuailong/CVE-2021-2471

Associated Vulnerability

Title:Oracle MySQL 输入验证错误漏洞 (CVE-2021-2471)
Description:Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。MySQL Connectors是其中的一个连接使用MySQL的应用程序的驱动程序。 Oracle MySQL 的 MySQL Connectors 产品中存在输入验证错误漏洞，该漏洞允许高特权攻击者通过多种协议访问网络来破坏 MySQL 连接器。成功攻击此漏洞会导致对关键数据的未授权访问或对所有 MySQL 连接器可访问数据的完全访问，以及导致 MySQL 连接器挂起或频繁重复崩溃。

Readme

# CVE-2021-2471 maven环境

[复现过程here](https://mp.weixin.qq.com/s?__biz=MzkwNDI1NDUwMQ==&mid=2247484645&idx=1&sn=e2c07a74dae39ab1bc5fb20ad9e586bd&chksm=c08881aff7ff08b9568d3cc10a983c03b174b33a53def432680401dd95f1a1a975c90c5319c8&token=1980528316&lang=zh_CN#rd)




参考环境：https://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe

File Snapshot


 [4.0K]  /data/pocs/9e9a2ca5813a70be4591ee6f7b9dcec0a8a71087
├── [  80]  jdbc-xxe.iml
├── [2.3K]  pom.xml
├── [ 346]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   ├── [ 657]  MySQLConnectorJFactory.java
        │   └── [ 993]  OracleJDBC.java
        └── [4.0K]  webapp
            ├── [  52]  index.jsp
            └── [4.0K]  WEB-INF
                └── [ 215]  web.xml

5 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!