CVE-2016-6662 #2168

Open
unionor opened this Issue Sep 14, 2016 · 10 comments

@unionor
unionor commented Sep 14, 2016 edited

Any plans to use CVE-2016-6662 and CVE-2016-6663 for privilege escalation?

@SweetSoul

@stamparm This is good :) ...

@shadowfolder

Me too, interested in this. Hope this is possible 👍

@petercunha

I would love to see this! Please consider adding it.

@stamparm
Member

@all what would be the (expected) workflow?

@stamparm
Member

@unionor I've seen the PoC :). Have you read it and understood it? That injected config file has to be loaded in the first place.

I am repeating the question. What should be the workflow in an automated tool such as sqlmap?

@unionor unionor closed this Sep 15, 2016
@unionor
unionor commented Sep 15, 2016 edited

@stamparm you decide now :).

@stamparm
Member

@unionor Why close it down? Now I look like an a**hole, while I wanted a constructive discussion. I am just asking what would be the "usable" workflow here (if possible).

@SweetSoul

Well... for the config file to be loaded, what do we probably need? Just a service restart?
Maybe if we can upload a shell we can force the server to restart then the config file will be loaded...

@stormwin

Force the service to crash and restart using another exploit... but maybe it will be complicated and not so easy to implement... different versions, different databases, and there aren't many public exploits for service crash.

@unionor unionor reopened this Sep 16, 2016
@SweetSoul

What if sqlmap helps us do everything and then tells the user that he needs to find a way to restart the service if he wants this to work?
That would be helpful enough... The main objective of sqlmap is to automate SQLi, not exploit a server... And for the SQLi part of the job, the only thing it can do is inject the config file. The 2nd part is out of bounds for SQLi.
