49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
id: privesc-mysql
|
|
|
|
info:
|
|
name: MySQL - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: |
|
|
MySQL is an open-source relational database management system (RDBMS) that uses structured query language (SQL) for managing and manipulating data. It is widely used for web applications and is known for its reliability, ease of use, and performance. MySQL is a popular choice for database-driven applications and is supported on various platforms.
|
|
reference:
|
|
- https://gtfobins.github.io/gtfobins/mysql/
|
|
metadata:
|
|
verified: true
|
|
max-request: 3
|
|
tags: code,linux,mysql,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
mysql -e '\! whoami'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo mysql -e '\! whoami'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(code_2_response, "root")'
|
|
- 'contains(code_3_response, "root")'
|
|
condition: or
|
|
# digest: 4a0a0047304502205cfddd58041ea672c83a850b34e77b9b635e71f934118d2a1ab9ab3ca660e13b022100eec2e1232af1d0b4686fc284278197db41fa3a289488abb2936a1186b85e3e26:922c64590222798bb761d5b6d8e72950 |