Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-2471 PoC — Oracle MySQL 输入验证错误漏洞

Source
https://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe
Associated Vulnerability
Title:Oracle MySQL 输入验证错误漏洞 (CVE-2021-2471)
Description:Oracle MySQL是美国甲骨文(Oracle)公司的一套开源的关系数据库管理系统。MySQL Connectors是其中的一个连接使用MySQL的应用程序的驱动程序。 Oracle MySQL 的 MySQL Connectors 产品中存在输入验证错误漏洞,该漏洞允许高特权攻击者通过多种协议访问网络来破坏 MySQL 连接器。成功攻击此漏洞会导致对关键数据的未授权访问或对所有 MySQL 连接器可访问数据的完全访问,以及导致 MySQL 连接器挂起或频繁重复崩溃。
Description
h2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reproduction.
Readme
# jdbc-sqlxml-xxe
- h2-jdbc (CVE-2021-23463) (https://github.com/h2database/h2database/issues/3195) SQLXML XXE vulnerability reproduction. 
- mysql-jdbc (CVE-2021-2471) SQLXML XXE vulnerability reproduction.
File Snapshot

 [4.0K]  /data/pocs/bd0bca6e0ac29aba0d9b9526adb60edb55897fb0
├── [ 603]  build.gradle
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       └── [ 200]  gradle-wrapper.properties
├── [5.6K]  gradlew
├── [2.6K]  gradlew.bat
├── [ 11K]  LICENSE
├── [ 208]  README.md
├── [  38]  settings.gradle
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  me
        │       └── [4.0K]  threedr3am
        │           └── [4.0K]  bug
        │               └── [4.0K]  jdbc
        │                   └── [4.0K]  sqlxml
        │                       └── [4.0K]  xxe
        │                           ├── [4.0K]  h2
        │                           │   ├── [ 757]  H2ConnectorFactory.java
        │                           │   └── [ 963]  H2JDBC.java
        │                           └── [4.0K]  oracle
        │                               ├── [ 710]  MySQLConnectorJFactory.java
        │                               └── [1.0K]  OracleJDBC.java
        └── [4.0K]  resources
            ├── [ 147]  data.sql
            └── [ 148]  schema.sql

14 directories, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.