 |
|
 |
 |
Menu |
 |
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
 |
User Info |
 |
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 200
Members: 0
Total: 200
|
|
|
|
|
 |
Full disclosure |
 |
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Elevating SQL Priviledges [edit] |
 |
Posted: Sat Aug 01, 2009 12:56 am |
|
|
tehhunter |
Valuable expert |

 |
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
 |
 |
 |
|
So I find myself frequently getting SQL access on some particular sites, and the problem is that the sites themselves aren't particulating too titillating. That is to say, little good stuff if you know what I mean.
So is there any way to go about attempting to elevate my priviledges so that I might be able to dabble around in other sites that are hosted on the server? Nothing in particular, and if the answer is a resounding 'no', then that'd be fine too. Just wondering.
Waraxe, got any tricks up your sleeve?
[edit] forgot to mention that I work mostly with MySQL servers, and do try to read other databases and mysql.users but most of the time its blocked.
Anyway, thanks. |
|
|
|
|
Posted: Sun Aug 02, 2009 1:47 am |
|
|
tehhunter |
Valuable expert |

 |
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
 |
 |
 |
|
|
|
|
|
Posted: Sun Aug 02, 2009 3:33 pm |
|
|
waraxe |
Site admin |

 |
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
 |
 |
 |
|
If you got mysql access and if it's shared hosting, then usually you can't access mysql.user table and do not have FILE privileges for INTO OUTFILE and LOAD_FILE(). There is no direct escalation vectors in current mysql versions that I am aware of. So concentrate your efforts against web application, that is using mysql. Admin privileges in web apps can often lead to php execution level. One more thing to try is mysql root password bruteforce and/or wordlist attack. |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|