YoVDO

How MySQL Servers Can Attack YOU

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Cybersecurity Courses MySQL Courses Database Management Courses Zero-Day Vulnerabilities Courses Remote Code Execution Courses

Course Description

Overview

Explore a novel attack vector where compromised MySQL servers can target and exploit MySQL clients, potentially leading to remote code execution on the client machine. Delve into the intricacies of this security threat, which can affect web applications using MySQL client libraries, as well as interactive tools like MySQL command line client and MySQL Workbench. Examine a recreated security issue from 2019 that Oracle MySQL never fully acknowledged, and discover how unfixed old client libraries and tools remain vulnerable to arbitrary code execution. Learn about a new zero-day vulnerability in MySQL server that bypasses the security patch using multibyte charset, enabling attacks against various MySQL client applications. Gain insights into the potential risks of database access and elevated privileges, and understand how this attack method can be used to compromise sensitive environments and secrets through seemingly innocuous tasks like WordPress site restoration.

Syllabus

#HITB2023AMS D2T1 - How MySQL Servers Can Attack YOU - Alexander Rubin & Martin Rakhmanov


Taught by

Hack In The Box Security Conference

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network