CVE-2009-5026
MySQL 5.0.x < 5.0.93 and 5.1.x < 5.1.50 - SQL Injection via Executable Comment Feature
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-5026. PoCs published by Libing Song.
AI-analyzed exploit summary This exploit leverages a MySQL privilege escalation vulnerability (CVE-2009-5026) by injecting SQL comments to manipulate the `mysql.user` table and grant SUPER privileges to an existing user. The attack abuses MySQL's conditional comment syntax to execute hidden SQL statements.
Description
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
Exploits (1)
This exploit leverages a MySQL privilege escalation vulnerability (CVE-2009-5026) by injecting SQL comments to manipulate the `mysql.user` table and grant SUPER privileges to an existing user. The attack abuses MySQL's conditional comment syntax to execute hidden SQL statements.