MySQL Is Vulnerable to Server Root Access (Exploit Released)

Critical vulnerabilities have been found in MySQL, one of the most popular databases.

Dawid Golunski, a security researcher, discovered two zero-days that allow an attacker to access the complete database. All currently supported versions of MySQL are affected.

  • MySQL Remote Root Code Execution (CVE-2016-6662)
  • Privilege Escalation (CVE-2016-6663)

Earlier, Dawid Golunski published an exploit for CVE-2016-6662 on his blog. He reported the issue to Oracle, but they didn't fix it.

Golunski promised to publish an exploit for the other bug (CVE-2016-6663) too.

Both vulnerabilities affect MySQL 5.5.51 and earlier, MySQL 5.6.32 and earlier, and MySQL 5.7.14 and earlier, as well as the MySQL forks Percona Server and MariaDB.

Golunski has now published proof-of-concept exploit code for both vulnerabilities.
Exploit 1
Exploit 2
The vendors have fixed the vulnerabilities and released security patches for them.

Author: Yogesh Prasad

Information Security Professional | Cyber Security Expert | Ethical Hacker | Founder – Hackers Interview
