From f3e8d6db705de334222993c2abdc84512cc2f67c Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 1 May 2009 16:29:45 +0000
Subject: [PATCH] Fixed MySQL comment injection
---
 extra/mysqludfsys/command_execution/linux.sql | 3 ++-
 plugins/dbms/mysql.py | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/extra/mysqludfsys/command_execution/linux.sql b/extra/mysqludfsys/command_execution/linux.sql
index 892d6f181..593c0706d 100644
--- a/extra/mysqludfsys/command_execution/linux.sql
+++ b/extra/mysqludfsys/command_execution/linux.sql
@@ -46,7 +46,8 @@ UPDATE udftest SET data=CONCAT(data,0x000000000000000004000000000000006500000001
 --
 -- Note that /TODO/plugin DOES NOT
 -- exist by default so it is NOT possible to save the SO in the proper
--- folder where MySQL server looks for SOs.
+-- folder where MySQL server looks for SOs.
+-- SHOW VARIABLES WHERE variable_name='plugin_dir';
 --
 -- References:
 -- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
diff --git a/plugins/dbms/mysql.py b/plugins/dbms/mysql.py
index f6037a812..18ebef644 100644
--- a/plugins/dbms/mysql.py
+++ b/plugins/dbms/mysql.py
@@ -146,15 +146,16 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
 return None
-# MySQL valid versions updated on 02/2009
+# MySQL valid versions updated on 05/2009
 versions = (
 (32200, 32233), # MySQL 3.22
 (32300, 32359), # MySQL 3.23
 (40000, 40031), # MySQL 4.0
 (40100, 40122), # MySQL 4.1
 (50000, 50077), # MySQL 5.0
-(50100, 50132), # MySQL 5.1
-(60000, 60009), # MySQL 6.0
+(50100, 50134), # MySQL 5.1
+(50400, 50401), # MySQL 5.4
+(60000, 60010), # MySQL 6.0
 )
 for element in versions:
@@ -206,7 +207,6 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
 value += actVer
 return value
-# TODO: comment injection fingerprint is broken, fix
 comVer = self.__commentCheck()
 blank = " " * 15
 value += "active fingerprint: %s" % actVer
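Review bot: The refreshed `versions` table in the second hunk still pins each series to the highest point release known at the 05/2009 snapshot, so any later 5.1, 5.4 or 6.0 build falls outside every range and the comment-based check below cannot match it; the hunk does not show what the loop reports in that case. A comment above the tuple would make this maintenance burden explicit, e.g. `# Upper bounds are a snapshot (see date above): releases newer than it match no range and must be added here.` The `for element in versions:` loop and the rest of `__commentCheck` continue outside the hunk, and the third hunk drops the TODO calling this fingerprint broken without any logic change there, so it is worth stating in the commit or a comment that the table refresh is the fix, if that is the intent.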