CVE-2016-6662

This exploit leverages CVE-2016-6662 to achieve remote root code execution or privilege escalation in MySQL/MariaDB/Percona by injecting a malicious trigger and shared library into the database directory, which then modifies the MySQL configuration file to load the library.

This repository contains a functional exploit for CVE-2016-6662, which leverages SQL injection to achieve remote root code execution on MySQL servers. The exploit crafts a malicious trigger and shared library to modify the MySQL configuration file, leading to arbitrary code execution upon service restart.

This repository contains a functional exploit for CVE-2016-6662, a MySQL remote root code execution vulnerability. The exploit leverages MySQL's FILE privilege to write a malicious shared library and trigger to a target system, which then executes arbitrary code with root privileges.

This repository contains a functional exploit for CVE-2016-6662, a MySQL/MariaDB remote root code execution vulnerability. The exploit leverages weak file permissions to append malicious configuration entries, enabling arbitrary code execution via a preloaded shared library.

This repository provides an Ansible playbook and a bash script to patch MySQL servers against CVE-2016-6662, a vulnerability that allows attackers to write malicious .so files to the filesystem and modify configurations to load them. The patch modifies mysqld_safe to restrict .so file loading to standard system locations and checks/fixes permissions of MySQL configuration files.

This repository provides a functional lab environment demonstrating CVE-2016-6662, a MySQL Remote Root Code Execution vulnerability. It includes a Dockerized setup with a vulnerable MySQL 5.6 instance and a web application to exploit SQL injection for RCE via the `secure_file_priv` misconfiguration.

This repository contains Ansible playbooks to automate the setup of a vulnerable MySQL environment for CVE-2016-6662, which involves a remote code execution vulnerability in MySQL due to insecure file handling in logging configurations. The playbooks configure both a target (vulnerable MySQL server) and an attacker machine with necessary dependencies.

This repository provides an Ansible playbook to patch the mysqld_safe script against CVE-2016-6662, a vulnerability allowing arbitrary library loading via LD_PRELOAD. It applies the Percona fix to restrict library paths to system directories.