MySQL password weakness

Added: 05/11/2009

Background

MySQL is an open-source database software package available for multiple platforms.

Problem

A MySQL database account has no password or an easily guessed password, allowing a remote attacker to make unauthorized queries.

Resolution

Set a strong password for all MySQL accounts.
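
An audit-and-fix sequence for this resolution, added here as an example and not part of the original advisory. It assumes the MySQL 5.0 series covered by the references below, where mysql.user stores the hash in the Password column (MySQL 5.7 and later use authentication_string and ALTER USER instead); the account names and password values are placeholders.

```sql
-- Run as an administrative account from the mysql client.

-- 1. Audit: list accounts with an empty password, anonymous accounts
--    (empty user name), and accounts that may connect from any host.
SELECT User,
       Host,
       CASE WHEN Password = '' THEN 'YES' ELSE 'no' END AS empty_password,
       CASE WHEN User = ''     THEN 'YES' ELSE 'no' END AS anonymous,
       CASE WHEN Host = '%'    THEN 'YES' ELSE 'no' END AS any_host
FROM mysql.user
WHERE Password = '' OR User = '' OR Host = '%'
ORDER BY empty_password DESC, User, Host;

-- 2. Remediate: set a password on every named account reported with
--    empty_password = YES. The accounts below are placeholders; use the
--    User/Host pairs returned by step 1 and a different value for each.
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<strong-unique-password-1>');
SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('<strong-unique-password-2>');

-- 3. Remove anonymous accounts rather than giving them a password.
--    Placeholder host; repeat for each anonymous row from step 1.
DROP USER ''@'localhost';

-- 4. Verify: this count must be 0 once every account has a password.
SELECT COUNT(*) AS accounts_without_password
FROM mysql.user
WHERE Password = '';

-- Note: these queries only detect empty passwords. An easily guessed
-- password still produces a non-empty hash, so any account whose password
-- was a default or a dictionary word has to be reset as in step 2.
```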

References

http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
http://dev.mysql.com/doc/refman/5.0/en/user-names.html

Limitations

The mysql client program is required.

If successful, this exploit returns an SQL command shell, not an operating system command shell.