In a publicly disclosed incident (name withheld for confidentiality), attackers compromised a marketing department’s WordPress site via SQL injection. The backend database was MySQL 5.0.12 running on a Windows Server 2008 R2 machine—both long out of support.
Suddenly, the attacker can run operating system commands:
[Attacker] ---> (Port 3306 or Web Application) ---> [Vulnerable MySQL 5.0.12]
                                                              |
    +---------------------------------------------------------+
    |
    v
[1. Information Gathering] -> Identify version via banner grabbing or SQLi error text.
[2. Access Phase] -> Exploit low-level SQLi or weak credentials.
[3. Escalation Phase] -> Leverage CVE-2006-4227 (Stored Routines) to claim SUID admin rights.
[4. OS Interaction] -> Attempt file read/write using "INTO OUTFILE" or custom UDFs.
Versions in the 5.0 series were susceptible to a flaw in check_scramble_323() where a remote attacker could bypass authentication using a zero-length password.
Versions prior to 5.0.25 allow authenticated users to gain elevated privileges through specifically crafted stored routines.
Denial of Service (DoS):