A design flaw has been uncovered in the popular open-source RDBMS, MySQL. Multiple sources have reported this issue, which is present in the file transfer process in MySQL.
Apparently, an executable statement called ‘LOAD DATA’ that loads files from the server can be exploited by attackers to steal files from the system.
Reported by Security Affairs, this loophole can be misused by rogue MySQL servers to access client-host data. This means attackers can easily steal private data simply by knowing the file’s path, using the ‘/proc/self/environ’ file.
Interestingly, it is also believed that the MySQL flaw was used by Magecart attackers to deploy malicious code in last year’s attack.
A tool called Adminer
Cybersecurity researcher Willem de Groot explains that Adminer, a PHP tool for MySQL and PostgreSQL databases, is mainly abused by attackers to gain unauthorized access to databases through the flaw.
“AFAIK this attack method has not been published before, but in hindsight, I have observed it being used by different Magecart factions at least since October 2018 (although I didn’t understand what was going on back then). The vulnerability was subsequently used to inject payment skimmers on several high-profile stores (government & multinationals),” speculated de Groot, when it came to Adminer’s misuse.
In addition, this flaw allows attackers to initiate file transfers from servers on top of infecting the database. When using a tool like Adminer for database-related activity, users are advised to use an updated version of the tool, as well as protect their databases with measures such as password protection, says de Groot.
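The rogue-server behaviour described above can be spotted on the wire. The following is an added example (not code from the article, MySQL or Adminer): a passive check that flags a server asking the client for a file that the client's own query did not name. It assumes unencrypted, uncompressed traffic in the classic query layout, already split per connection after login; the function names and sample bytes are constructed for illustration.

```python
COM_QUERY = 0x03         # client command byte: text query follows
LOCAL_INFILE_REQ = 0xFB  # first byte of a server "send me this file" reply

def pkt(seq, payload):
    """Build one MySQL packet: 3-byte little-endian length, sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def packets(buf):
    """Split captured bytes into (sequence_id, payload) packets."""
    off = 0
    while off + 4 <= len(buf):
        length = int.from_bytes(buf[off:off + 3], "little")
        yield buf[off + 3], buf[off + 4:off + 4 + length]
        off += 4 + length

def asked_for_local(query):
    """True if the client's statement was LOAD DATA [modifier] LOCAL INFILE."""
    words = query.upper().split()
    return words[:2] == ["LOAD", "DATA"] and "LOCAL" in words[2:4]

def unsolicited_file_requests(frames):
    """frames: (direction, bytes) pairs, 'c' = client to server, 's' = server to
    client. Returns file names the server requested that the client never named."""
    findings, last_query = [], ""
    for direction, data in frames:
        for seq, payload in packets(data):
            if not payload:
                continue
            if direction == "c" and seq == 0:  # every command restarts at 0
                is_query = payload[0] == COM_QUERY
                last_query = payload[1:].decode("utf-8", "replace") if is_query else ""
            elif direction == "s" and seq == 1 and payload[0] == LOCAL_INFILE_REQ:
                # Only the first reply packet can be a file request; a 0xFB
                # later in the reply is a NULL column inside a result row.
                name = payload[1:].decode("utf-8", "replace")
                if not (asked_for_local(last_query) and name in last_query):
                    findings.append(name)
    return findings

# Constructed sample traffic (not a real capture).
LOAD = b"\x03LOAD DATA LOCAL INFILE 'report.csv' INTO TABLE t"
SAMPLE = [
    ("c", pkt(0, b"\x03SELECT 1")),
    ("s", pkt(1, b"\xfb/constructed/placeholder")),  # never requested by client
    ("c", pkt(0, LOAD)), ("s", pkt(1, b"\xfbreport.csv")),  # matches the query
    ("c", pkt(0, LOAD)), ("s", pkt(1, b"\xfbother.txt")),   # different file
    ("c", pkt(0, b"\x03SELECT NULL")),
    ("s", pkt(1, b"\x01") + pkt(2, b"coldef") + pkt(3, b"\xfb")),  # NULL row
]
```

Calling `unsolicited_file_requests(SAMPLE)` reports the first and third server requests and ignores both the legitimate upload and the NULL result row.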