MySQL vulnerabilities allow malicious servers to steal data from customers

A design-related vulnerability in file transfer interaction between the client and MySQL server allowed an attacker to run a malicious MySQL server to gain access to any data that the client is connected to. being allowed access.

Someone can take advantage of this problem to steal sensitive data from an improperly configured web server, allowing connection to untrusted servers or from database management applications. material.

The problem with the LOAD DATA command used with the LOCAL modification tool, is considered a security risk in the MySQL document.

Developers specifically explain this issue as follows, customers receive requests to transfer files from MySQL servers based on the information they provide in the LOAD DATA statement.However, a malicious server can respond with the LOAD DATA LOCAL command and ask for any files that the client has read and access rights.

1. 773 million emails, 21 million passwords were revealed on the Internet, this is the largest personal data leak in history

The MySQL document states: 'In fact, a patched server can respond to requests to transfer files to any command, not just LOAD DATA LOCAL, so the more fundamental problem is Customers should not connect to untrusted servers'.

The same thing can be applied to web servers - which act as clients when connecting to MySQL servers.In this case, the attacker could use the vulnerability to steal / etc / passwd files, which is where the user account records are kept.

Files can only be retrieved this way if the server knows their full path.However, in fact, malicious servers can also request the file / proc / self / environ, this is the file that provides the environment variable of the running processes, so it will also display main directory information as well as details about internal subfolder structure.

Phishing MySQL servers are always ready to attack you

In a discussion on Reddit initiated by security researcher Willem de Groot yesterday, discuss possible situations for a malicious MySQL server to attack user data.Stealing SSH keys and access information to e-wallet are the top common behaviors in the list.According to de Groot, Magecart attacks in October 2018 took advantage of the MySQL vulnerability to inject malicious code into shopping sites to steal credit card and bank account details when users advanced. online payment operator.

1. Microsoft shook hands with VirusTotal in resolving malicious code issues that affected MSI files

The malicious code for a phishing MySQL server has been available on GitHub for the past five years, so it should not be surprising if cyber criminals use it in their attacks.The purpose of the attackers seems to be to steal a file ('local.xml') in which the Magento trading platform stores its database passwords.This may occur on sites running vulnerable versions of Adminer (versions 4.3.1 to 4.6.2 are found to be affected by the above security error).Therefore, system administrators should switch to safer versions, at least 4.6.3.

See more:

1. The Internet is experiencing a huge problem with C / C ++, causing developers to "sweat"
2. Hacker purged two-factor security just by automated phishing attacks
3. Quora's question and answer page was attacked, causing 100 million users to leak personal information
4. Vulnerabilities in Android allow malware to read device information even without permission