How MySQL Servers Can Attack YOU
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore a novel attack vector where compromised MySQL servers can target and exploit MySQL clients, potentially leading to remote code execution on the client machine. Delve into the intricacies of this security threat, which can affect web applications using MySQL client libraries, as well as interactive tools like MySQL command line client and MySQL Workbench. Examine a recreated security issue from 2019 that Oracle MySQL never fully acknowledged, and discover how unfixed old client libraries and tools remain vulnerable to arbitrary code execution. Learn about a new zero-day vulnerability in MySQL server that bypasses the security patch using multibyte charset, enabling attacks against various MySQL client applications. Gain insights into the potential risks of database access and elevated privileges, and understand how this attack method can be used to compromise sensitive environments and secrets through seemingly innocuous tasks like WordPress site restoration.
Syllabus
#HITB2023AMS D2T1 - How MySQL Servers Can Attack YOU - Alexander Rubin & Martin Rakhmanov
Taught by
Hack In The Box Security Conference
Related Courses
Managing Big Data with MySQLDuke University via Coursera Database Management Essentials
University of Colorado System via Coursera Business Metrics for Data-Driven Companies
Duke University via Coursera Bases de données relationnelles : Comprendre pour maîtriser
Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique Базы данных (Databases)
Saint Petersburg State University via Coursera