MySQL COM_CHANGE_USER Password Length Account Compromise Vulnerability

info
discussion
exploit
solution
references

MySQL COM_CHANGE_USER Password Length Account Compromise Vulnerability

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Exploit is available:

/data/vulnerabilities/exploits/hoagie_mysql.c