Go Back   Xisp.org Forums > Porn Password Cracking > Porn Password Cracking Help Section

I have another dumb question...

Reply
Views: 645 - Replies: 4  
Thread Tools Display Modes

I have another dumb question...
Old 06-14-2006, 05:29 AM   #1
oldshark
Guest
 
Posts: n/a
Threads: 5107
Default I have another dumb question...

This time I try to exploit a MySQL server. I found it's vulnerable to the zero-length password flaw (http://www.nessus.org/plugins/index.php?view=single&id=12639). The exploit codes from Milw0rm or Bugtraq just test to confirm the flaw by sending a modified packet to the server. I don't know how to really exploit it (connect to the server and make the SQLs). Please help me. Thanks in advance.
  Reply With Quote

Old 06-14-2006, 09:53 AM   #2
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

MySQL Authentication bypass through a zero-length password

Meaning, you are either able to bypass the authentication and log in mysql, or not. If it works, you will be able to log in there and you do sql commands from there. There's nothing misterious here really. What is the problem with their code?
  Reply With Quote

Old 06-14-2006, 09:44 PM   #3
oldshark
Guest
 
Posts: n/a
Threads: 5107
Unhappy

Quote:
Originally Posted by sPlico
MySQL Authentication bypass through a zero-length password

Meaning, you are either able to bypass the authentication and log in mysql, or not. If it works, you will be able to log in there and you do sql commands from there. There's nothing misterious here really. What is the problem with their code?
Thanks for your reply, sPlico.
This is the exploit code: http://www.milw0rm.com/exploits/311

And this is what I've got after running it:
http://imageh4ck.com/images/oldshark/mysqlbypass.jpg

I think I have to find an open-source MySQL client and embed the exploit code into it.
  Reply With Quote

Old 06-14-2006, 11:10 PM   #4
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

Obviously exploit works, so all you have to figure out now is how to login and run sql commands :P
  Reply With Quote

Old 06-14-2006, 11:50 PM   #5
oldshark
Guest
 
Posts: n/a
Threads: 5107
Talking

Quote:
Originally Posted by sPlico
Obviously exploit works, so all you have to figure out now is how to login and run sql commands :P
Yeah, I'm doing exactly that. Thank you again. :D
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 04:57 PM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org