tags 380507 + unreproducible moreinfo
stop

Hello Patrick

On 2006-07-30 Patrick Matthäi wrote:
> http://www.milw0rm.com/exploits/311
> With this exploit it's able to authenticate with the mysql server 
> without any password.

I cannot reproduce this behaviour. Which version do you use, this?
  # dpkg -s mysql-server-4.1 | grep Version
  Version: 4.1.11a-4sarge5


> Log:
> [EMAIL PROTECTED]:~$ ./mysql.pl perl *********
Did you use more than your IP or your hostname as "***"?
 
> It's an old exploit but the sargeversion is still exploitable.
It should have been fixed in 4.1.3 long before the Sarge release.

I get:
 
$ ./milw0rm311.pl root app109
Using default MySQL port (3306)
Received greeting:
00000000        47 00 00 00 0A 34 2E 31 2E 31 31 2D 44 65 62 69
00000010        61 6E 5F 34 73 61 72 67 65 35 2D 6C 6F 67 00 0D
00000020        00 00 00 6C 56 4A 51 36 58 3B 5E 00 2C A2 08 02
00000030        00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 23
00000040        79 5A 39 4B 4E 27 76 3F 73 48 00

Sending caps packet:
00000000        3A 00 00 01 85 A6 03 00 00 00 00 01 08 00 00 00
00000010        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000020        00 00 00 00 72 6F 6F 74 00 14 00 00 00 00 00 00
00000030        00 00 00 00 00 00 00 00 00 00 00 00 00 00

Received reply:
00000000        45 00 00 02 FF 15 04 23 32 38 30 30 30 41 63 63
00000010        65 73 73 20 64 65 6E 69 65 64 20 66 6F 72 20 75
00000020        73 65 72 20 27 72 6F 6F 74 27 40 27 61 70 70 31
00000030        30 39 27 20 28 75 73 69 6E 67 20 70 61 73 73 77
00000040        6F 72 64 3A 20 59 45 53 29
Authentication failed!


bye,

-christian-

Reply via email to