MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)
# Published : 2007-02-06
# Author : Marco Ivaldi
# Previous Title : SAP Web Application Server 6.40 Arbitrary File Disclosure Exploit
# Next Title : Alibaba Alipay (Remove ActiveX) Remote Code Execution Exploit

-- raptor_winudf.sql - A MySQL UDF backdoor kit for Windows
-- Copyright (c) 2007 Marco Ivaldi <raptor@0xdeadbeef.info>
--
-- This is a MySQL backdoor kit for Windows based on the UDFs (User Defined
-- Functions) mechanism. Use it to spawn a reverse shell (netcat UDF on port 
-- 80/tcp) or to execute single OS commands (exec UDF). Don't forget to edit
-- the MySQL bin path below according to your target's configuration.
--
-- Thanks to KDM for asking me to do research on this interesting subject!
--
-- See also:
-- http://www.0xdeadbeef.info/exploits/raptor_udf.c
-- http://www.0xdeadbeef.info/exploits/raptor_udf2.c
--
-- Tested on:
-- MySQL 4.0.18-win32 (running on Windows XP SP2)
-- MySQL 4.1.22-win32 (running on Windows XP SP2)
-- MySQL 5.0.27-win32 (running on Windows XP SP2)

download:
http://www.0xdeadbeef.info/exploits/raptor_winudf.tgz
http://www.milw0rm.com/sploits/02062007-raptor_winudf.tgz

# www.Syue.com [2007-02-06]