Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How MySQL Servers Can Attack YOU

Hack In The Box Security Conference via YouTube

Overview

Explore a novel attack vector where compromised MySQL servers can target and exploit MySQL clients, potentially leading to remote code execution on the client machine. Delve into the intricacies of this security threat, which can affect web applications using MySQL client libraries, as well as interactive tools like MySQL command line client and MySQL Workbench. Examine a recreated security issue from 2019 that Oracle MySQL never fully acknowledged, and discover how unfixed old client libraries and tools remain vulnerable to arbitrary code execution. Learn about a new zero-day vulnerability in MySQL server that bypasses the security patch using multibyte charset, enabling attacks against various MySQL client applications. Gain insights into the potential risks of database access and elevated privileges, and understand how this attack method can be used to compromise sensitive environments and secrets through seemingly innocuous tasks like WordPress site restoration.

Syllabus

#HITB2023AMS D2T1 - How MySQL Servers Can Attack YOU - Alexander Rubin & Martin Rakhmanov

Taught by

Hack In The Box Security Conference

Reviews

Start your review of How MySQL Servers Can Attack YOU

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.