bug-bounty451
google354
xss338
microsoft283
facebook246
apple171
exploit163
rce160
malware102
account-takeover95
cve91
bragging-post86
csrf83
browser77
writeup75
privilege-escalation68
react60
authentication-bypass57
cloudflare54
dos53
node52
docker51
ssrf51
phishing50
aws48
access-control47
oauth45
smart-contract45
supply-chain44
ethereum43
defi42
web342
sql-injection41
lfi37
idor35
vulnerability-disclosure32
smart-contract-vulnerability32
clickjacking31
burp-suite31
info-disclosure31
race-condition31
web-application31
reverse-engineering31
wordpress30
input-validation30
web-security29
information-disclosure29
cloud29
reflected-xss29
solidity27
0
8/10
exploit
A detailed technical writeup demonstrating how to abuse MySQL's LOAD DATA LOCAL INFILE feature by setting up a fake MySQL server that tricks clients into reading arbitrary files from their local machine. The author provides packet-level analysis, a working Python proof-of-concept exploit, and network traffic documentation showing the authentication bypass and file exfiltration mechanism.
mysql
local-file-inclusion
lfi
load-data-infile
mysql-client-abuse
fake-server
man-in-the-middle
file-exfiltration
protocol-exploitation
python-exploit
wireshark
network-protocol
MySQL 5.6.28
MySQL 5.7.24
MySQL 8.0.13
PHP 7.0.32
Ubuntu 14.04
Wireshark