bug-bounty622
facebook479
xss316
google174
microsoft120
rce102
apple72
csrf60
web355
account-takeover53
writeup51
exploit43
sqli41
dos36
ssrf34
cve33
cloudflare32
privilege-escalation29
defi28
malware27
node26
smart-contract-vulnerability25
idor25
subdomain-takeover24
clickjacking23
smart-contract23
ethereum23
access-control21
react21
vulnerability-disclosure21
reverse-engineering20
auth-bypass19
aws19
remote-code-execution18
lfi18
cloud17
docker17
cors17
oauth17
supply-chain17
race-condition17
info-disclosure16
browser14
authentication-bypass14
solidity14
phishing14
denial-of-service11
sql-injection11
delegatecall11
wordpress10
0
vulnerability
MySQL clients can be abused via the LOAD DATA LOCAL INFILE feature to exfiltrate arbitrary files from the client machine by setting up a fake MySQL server that bypasses authentication and sends malicious payloads. This exploitation technique works because MySQL clients trust server-sent commands after authentication, allowing attackers to read sensitive files like /etc/hosts from compromised systems.
local-file-inclusion
lfi
mysql
mysql-client
load-data-infile
fake-server
authentication-bypass
file-disclosure
protocol-exploitation
proof-of-concept
bug-bounty
security-research
MySQL
PHP 7.0.32
MySQL 8.0.13
MySQL 5.7.24
0
vulnerability
A Local File Inclusion (LFI) vulnerability was discovered in Nokia Maps that allowed reading arbitrary files from the server (e.g., /etc/passwd). The vulnerability was reported on January 2, 2013, and patched by Nokia on January 20, 2013.
Nokia Maps
Nokia Lumia 920
Shashank