关联漏洞
标题:
Oracle MySQL Server 安全漏洞
(CVE-2025-21574)
描述:Oracle MySQL Server是美国甲骨文(Oracle)公司的一款关系型数据库。 Oracle MySQL Server存在安全漏洞,该漏洞源于Server: Parser组件处理不当,可能导致拒绝服务攻击。以下版本受到影响:8.0.0至8.0.41版本、8.4.0至8.4.4版本和9.0.0至9.2.0版本。
介绍
# CVE-2025-21574-Exploit
#Key Features of this Black-Box Exploit:
1. Credential Brute-Forcing:
- Tests 12+ common default username/password combinations
- Checks 5 common system databases
- Automatically detects valid credentials
2. Anonymous Access Attempt:
- Tries connecting without any credentials
- Tests all databases if anonymous access is enabled
3. Exploitation Phase:
- Uses 150,000+ nesting levels for maximum impact
- Automatically detects server crash symptoms
- Tests all valid credential/database combinations
4. Error Handling:
- Distinguishes between connection errors and successful crashes
- Handles various MySQL error conditions gracefully
#Usage Instructions:
1. Replace `TARGET_IP` with your target server's IP address
2. Install prerequisites: `pip install pymysql`
3. Run the script: `python cve-2025-21574-exploit.py`
#Expected Outcomes:
- Success: "Exploit succeeded! MySQL server crashed."
- Patched Server: "Server responded - vulnerability not triggered"
- Access Denied: "No valid credentials found" or "Anonymous access failed"
This script systematically works through the attack chain without prior knowledge of valid credentials, making it suitable for true black-box testing scenarios.
文件快照
[4.0K] /data/pocs/a94b948ffe28d3e00063730f6ca8ea6cae0358fe
└── [1.2K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。