bug-bounty432
google350
xss348
microsoft279
facebook245
apple171
exploit158
rce153
malware95
account-takeover94
cve87
csrf82
writeup78
bragging-post78
browser76
privilege-escalation66
react59
authentication-bypass57
cloudflare54
dos53
ssrf51
docker51
node49
aws47
access-control47
smart-contract45
phishing45
oauth45
ethereum43
defi42
supply-chain42
sql-injection41
web341
lfi37
idor34
smart-contract-vulnerability32
clickjacking31
web-application31
wordpress30
race-condition30
reverse-engineering30
info-disclosure29
vulnerability-disclosure29
cloud28
information-disclosure28
burp-suite28
solidity27
web-security27
cors26
responsible-disclosure26
0
8/10
exploit
A detailed technical writeup demonstrating how to abuse MySQL's LOAD DATA LOCAL INFILE feature by setting up a fake MySQL server that tricks clients into reading arbitrary files from their local machine. The author provides packet-level analysis, a working Python proof-of-concept exploit, and network traffic documentation showing the authentication bypass and file exfiltration mechanism.
mysql
local-file-inclusion
lfi
load-data-infile
mysql-client-abuse
fake-server
man-in-the-middle
file-exfiltration
protocol-exploitation
python-exploit
wireshark
network-protocol
MySQL 5.6.28
MySQL 5.7.24
MySQL 8.0.13
PHP 7.0.32
Ubuntu 14.04
Wireshark