One of the most reliable post-authentication exploits against MySQL 5.0.12 leverages the User-Defined Function (UDF) mechanism.
Three weeks later, Kai received a wire transfer for $250,000. The hedge fund had used his proof-of-concept to sue their DBA contractor for negligence. The server, they later learned, had been running MySQL 5.0.12 without patches for 1,847 days.
SELECT 0x7f454c460201010000000000000000000300... INTO DUMPFILE '/usr/lib/mysql/plugin/exploit.so';
DROP FUNCTION sys_eval;
An off-by-one buffer overflow in the Instance Manager allows local users to crash the application.
Common Exploitation Methods
2. Authentication Bypass (The 1-in-256 Chance)
The following write-up details the standard exploitation path used to gain a root shell from an authenticated MySQL session or SQL injection on this version.
1. Vulnerability Overview
Successful exploitation allows the attacker to execute arbitrary code with the same privileges as the mysqld service.