From: Jon Hart (warchild@spoofed.org)
Date: Tue Sep 16 2003 - 16:40:48 EDT
Howdy,
I was up against a situation earlier today where I wanted to show that a
mysql server with the 'test' database still available can be used as a
warez server and can be used as a file upload/download vector for
(potentially) heavily fortified hosts.
I couldn't think of anything mysql-wise that would conveniently let me
do this, nor could I find any tools that would let me do this. I
figured that, since I already knew exactly how I could implement this,
it'd probably be faster if I just wrote my own instead of scouring the
web looking for some code to do this.
Just to clarify, when I say "used as a warez server" or "file
upload/download vector", I mean storing the file data in a database.
And no, not just in one huge field either. I mean taking a file
locally, chunking it up and storing it your database, and then later
retrieving it.
So, I wrote this:
My question is, how badly did I re-reinvent the wheel?
tia,
-jon
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT