MySQL vulnerability allows server’s files access

An attacker could run a malicious MySQL server and gain access to the connected data, as reported in a security message

MySQL administrators have posted a security alert informing users about a drawback with LOCAL LOAD DATA, noting that “the declaration can load a file located on the server host or, if the local keyword is specified, in the client host”, as network security and ethical hacking specialists from the International Institute of Cyber Security reported.

This flaw exists in the file-transfer interaction between a client host and a MySQL server, as reported by network security specialists. Exploiting this attack would allow a malicious actor to steal sensitive information from a poorly configured web server by allowing connections to unreliable servers or from applications to manage databases.

According to the security alert, there are two main drawbacks. “Transferring the file from the client host to the server host is started by the MySQL server. In theory, a patched server could be built that would instruct the client program to transfer a file from the server choice instead of the client-named file in the LOAD DATA declaration. This server could access any file on the client host to which the client user has read access.

In a post published on his blog on January 20, the network security expert Willem de Groot responded to the affirmation of the security notice that this failure could be exploited “in theory”, pointing out that “a malicious MySQL server that is capable of doing that can be found on GitHub, and it’s probably been used to leak passwords from the hacked sites. This could be leveraged to steal SSH keys, online cryptocurrency wallets, among other malicious activities”.

“Although this may not seem serious, as few users are really deceived to connect to malicious MySQL servers, there are many web servers with vulnerable database management interfaces, allowing for initiated connections from the side of the attacker to arbitrary servers”, says Craig Young, an analyst at a network security firm.

“Website administrators should know that these pages, even when they are not linked to other content, can be discovered and exploited by attackers. Management tools such as admin must not be left unprotected under any circumstances”.