The methodology is a comprehensive framework used by penetration testers to identify, enumerate, and exploit MySQL database vulnerabilities. By following a structured approach—from initial connection testing to advanced SQL injection—security professionals can uncover misconfigurations and data exposure risks. 1. Initial Connection and Enumeration
Before attempting login, verify the service and its version to check for known vulnerabilities like CVE-2012-2122 (Authentication Bypass). Port Scanning: Default is Nmap Scripts: Use specialized scripts for automated discovery: nmap -sV -p
The first step is identifying the service and attempting to establish a connection. : MySQL typically listens on 3306/tcp . Local Connection : Connect as root without a password: mysql -u root . Connect with a password prompt: mysql -u root -p . Remote Connection : Connect to a specific host: mysql -h -u root . mysql hacktricks verified
If secure_file_priv is disabled (empty), an attacker can use the SELECT ... INTO OUTFILE statement.
SHOW VARIABLES LIKE 'secure_file_priv';
The web application user should never have FILE or SUPER privileges. MySQL HackTricks verified The methodology is a comprehensive
: It frequently links to and explains the use of industry-standard tools like sqlmap for automated testing.
SHOW VARIABLES LIKE 'have_ssl'; SHOW VARIABLES LIKE 'require_secure_transport'; Principle of Least Privilege: The web application user
: A common "verified" technique for SQL injection (SQLi) is comparing responses. For example, if