Exploit MySQL AB ODBC Driver 3.51 - Plain Text Password

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
22946
Проверка EDB
  1. Пройдено
Автор
HANEZ
Тип уязвимости
LOCAL
Платформа
WINDOWS
CVE
N/A
Дата публикации
2003-07-22
Код:
source: https://www.securityfocus.com/bid/8245/info

A vulnerability has been reported in the MySQL AB ODBC (Open Data Base Connectivity) driver implementation. The MySQL ODBC driver reportedly stores plain text credentials used to connect to the specified database in the system registry.

These credentials may be disclosed and used to connect to the target database.

Other ODBC drivers may also be prone to the same issue, though this is not confirmed.

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\TESTDSN]
"Driver"="C:\\WINDOWS\\System32\\myodbc3.dll"
"Description"="MySQL ODBC 3.51 Driver DSN"
"Database"="test"
"Server"="192.168.0.1"
"User"="user_name"
"Password"="plain_password"
"Port"="3306"
"Option"="3"
"Stmt"=""
 
Источник
www.exploit-db.com

Похожие темы