New fast OOB CPU saving MySQL injection technique to replace benchmark in blind MySQL injections
Last week there was a lot to do on MySQL and the load_file() function on our blog; we found ways of generating DNS and ARP packets…
Both me and my fellow researcher Mathias have heard all from “It’s impossible to make DNS requests in MySQL” to “There is no out-of-band techniques for MySQL”. So we both thought “Hey, it can’t be that hard…” So ladies and gentlemen, here’s a (so far) theory on a MySQL out-of-band request. As long as you have the File_priv set to Y in MySQL it is a possible scenario. So let’s…
Yes, this might come as a spoiler, but Mathias, Kasper and I are currently doing research in the cellular area. Enough of that at the moment. Anyway, whilst we read through RFCs and wiki pages, we stumbled upon this specific page containing…
Yes, everything running on TCP/IP is in theory vulnerable to SYN-flood attacks. For those of you who don’t know what it is, Wikipedia explained it like this: “(…) The SYN flood is a well known type of attack and is generally not effective against modern networks. It works if a server allocates resources after receiving a SYN, but before it has received the ACK.”
It’s possible to write and read files to remote locations in your network through the INTO OUTFILE and LOAD_FILE() features in MySQL. This has only been tested in MySQL 5.1.37 on Microsoft Windows 7, but it’s possible that older/newer versions of MySQL on other platforms have the same unexpected feature. I haven’t heard about this, but it feels bad. Here’s a PoC: