Tag Archives: CVE-2012-5613

Year 2012 Main Exploitable Vulnerabilities Interactive Timeline

Vulnerability Management, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

You can find, by clicking on the following image, a visualization timeline of the main exploitable vulnerabilities of year 2012.

Start date of a slide is corresponding to:

  • the date of discovery of the vulnerability, or
  • the date of report to the vendor, or
  • the date of public release of the vulnerability

End date of a slide is corresponding to:

  • the date of vendor security alert notification, or
  • the date of Metasploit integration, or
  • the date of fix, or
  • the date of PoC disclosure
Year 2012 Main Exploitable Vulnerabilities Interactive Timeline
Year 2012 Main Exploitable Vulnerabilities Interactive Timeline

CVE-2012-5613 MySQL Database Privilege Elevation 0day Exploit Demo

Exploits, , , ,

Timeline :

Vulnerability discovered by @kingcope
Vulnerability disclosed by @kingcope the 2012-12-01

PoC provided by :

kingcope

Reference(s) :

CVE-2012-5613
Full Disclosure Mailing-list
Red Hat Bugzilla

Affected version(s) :

MySQL 5.0
MySQL 5.1
Other ?

Tested on Centos 5.8 x86 with :

MySQL Server version 5.0.95 Source distribution

Description :

An attacker with access to a MySQL database through a user having some specific privileges, will be allowed, through this vulnerability to create a MySQL administrator user. The created user specified in the PoC script is by default “rootedbox2” with “rootedbox2” as password.

Commands :

On the target side :
CREATE DATABASE exampledb;
GRANT ALL PRIVILEGES ON exampledb.* TO user1@'192.168.178.26' IDENTIFIED BY 'test';
GRANT FILE ON *.* TO user1@'192.168.178.26' IDENTIFIED BY 'test'; 
FLUSH PRIVILEGES;

On the attacker side :
mysql -u user1 -h 192.168.178.34 -p exampledb -> allowed
mysql -u rootedbox2 -h 192.168.178.34 -p -> denied
perl mysql_privilege_elevation.pl 
mysql -u rootedbox2 -h 192.168.178.34 -p -> allowed