Twitter | Search | |
gwillem 17 Jan 19
Found a vulnerability in popular database manager Adminer, Magecart hackers rejoice and use it for a skimming spree. Upgrade and/or close your public adminer.php's asap.
Reply Retweet Like
gwillem 17 Jan 19
Replying to @gwillem
And here's the actual handshake with the evil MySQL server
Reply Retweet Like
gwillem 18 Jan 19
Replying to @gwillem
Wonder if it would be possible to induce other clients to hand over local files. I don't understand the MySQL protocol here, why would the server supply a filename local to the client.
Reply Retweet Like
gwillem
So the answer is YES. Mysql docs even explicitly state it 😬Thanks to Adminer's author for pointing that out:
Reply Retweet Like More
gwillem 18 Jan 19
Replying to @gwillem
TL;DR: your MySQL server has access to all of your files. Would be nice to set up a honeypot, to trap fraudsters scanning for open MySQL servers
Reply Retweet Like
Ryan Hoerr 18 Jan 19
Replying to @gwillem @jakubvrana
That's incredible.
Reply Retweet Like
Cole G. Wippern 19 Jan 19
Replying to @gwillem @jakubvrana
Woah had no idea LOAD could be used this wau; noticed this on that same doc page. I wonder if most distributed clients are compiled with the option enabled or disabled.
Reply Retweet Like
Cole G. Wippern 20 Jan 19
Replying to @gwillem @jakubvrana
A colleague of mine dug up some more interesting info; The issues exists in (at least) versions 5.5, 5.6, 5.7, and 8.0 While the default is indeed that this behavior is disabled for clients in version 8.0, that is a relatively recent change
Reply Retweet Like
Julien Goodwin 20 Jan 19
Replying to @gwillem @jakubvrana
Similar to the recent SCP thing. Wonder how many more are out there.
Reply Retweet Like
Jean-Noé Kollo 20 Jan 19
Replying to @gwillem @jakubvrana
Crazy
Reply Retweet Like