From: Marco Ivaldi (raptor@mediaservice.net)
Date: Tue Jan 15 2008 - 05:24:57 EST
Clone,
On Tue, 8 Jan 2008, Laszlo KLOCK wrote:
> Hi!
>
> It's possible with mysql UDF-s, like this one:
> http://www.0xdeadbeef.info/exploits/raptor_udf.c
On newer MySQL releases (starting from 4.1.10a and 4.0.24), you should use
this instead:
http://www.0xdeadbeef.info/exploits/raptor_udf2.c
If your target MySQL is running on Windows, you'll probably be able to use
this pre-packaged reverse shell and command execution UDF backdoor:
http://www.0xdeadbeef.info/exploits/raptor_winudf.tgz
Cheers,
-- Marco Ivaldi, OPST Chief Security Officer Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT