Oracle MySQL UDF Payload Execution

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT … into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL versions 5.5.9 and below, directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.
Source: Oracle MySQL UDF Payload Execution

The post Oracle MySQL UDF Payload Execution appeared first on MondoUnix.