CVE-2005-0709
Posted by: zainabspam
Date: April 30, 2006 09:17AM
Hi,
I know it's for an outdated version of MySQL, but CVE-2005-0709 details a vulnerability that takes advantage of the UDF features and uses libc to get some shellcode executed. I'm relatively new to MySQL and one of the steps involved makes no sense to me.
mysql> select on_exit(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
->,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)\G
...
mysql> select strcat(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
->,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)\G
*************************** 1. row ***************************
strcat(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0): 1
1 row in set (0.00 sec)
mysql> select exit();
What I don't understand is why there are so many params passed to on_exit and strcat (and one for exit()) instead of the two/one params as suggested by:
char *strcat(char *dest, const char * src);
int on_exit(void (* function)(int , void *), void *arg);
void exit(int status );
Also, what is the significance of the -> symbol here? Doesn't it normally allow a field to be accessed in a result set?
If anybody could help I'd be very grateful, as I have to finish a report on it by Friday and I'm at a dead end!
Cheers