bug-bounty458
google364
microsoft314
facebook272
xss250
apple179
malware176
rce165
exploit141
cve111
account-takeover104
bragging-post101
phishing84
privilege-escalation81
csrf81
supply-chain68
stored-xss65
authentication-bypass63
dos63
browser62
reflected-xss57
react54
cloudflare51
reverse-engineering49
cross-site-scripting48
input-validation48
aws48
docker47
node47
access-control47
smart-contract45
web343
ethereum43
sql-injection43
web-security42
ssrf42
defi42
web-application41
oauth37
writeup37
race-condition36
burp-suite35
vulnerability-disclosure34
info-disclosure34
idor34
html-injection33
cloud33
auth-bypass33
lfi32
smart-contract-vulnerability32
0
8/10
exploit
A detailed technical writeup demonstrating how to abuse MySQL's LOAD DATA LOCAL INFILE feature by setting up a fake MySQL server that tricks clients into reading arbitrary files from their local machine. The author provides packet-level analysis, a working Python proof-of-concept exploit, and network traffic documentation showing the authentication bypass and file exfiltration mechanism.
mysql
local-file-inclusion
lfi
load-data-infile
mysql-client-abuse
fake-server
man-in-the-middle
file-exfiltration
protocol-exploitation
python-exploit
wireshark
network-protocol
MySQL 5.6.28
MySQL 5.7.24
MySQL 8.0.13
PHP 7.0.32
Ubuntu 14.04
Wireshark