// API callback
relpostimgcuplik({"version":"1.0","encoding":"UTF-8","feed":{"xmlns":"http://www.w3.org/2005/Atom","xmlns$openSearch":"http://a9.com/-/spec/opensearchrss/1.0/","xmlns$blogger":"http://schemas.google.com/blogger/2008","xmlns$georss":"http://www.georss.org/georss","xmlns$gd":"http://schemas.google.com/g/2005","xmlns$thr":"http://purl.org/syndication/thread/1.0","id":{"$t":"tag:blogger.com,1999:blog-4562681011204589043"},"updated":{"$t":"2023-11-11T06:59:51.668+07:00"},"category":[{"term":"Technology"},{"term":"windows"},{"term":"linux"},{"term":"tools"},{"term":"cyber security"},{"term":"berita"},{"term":"network"},{"term":"networking"},{"term":"software"},{"term":"security"},{"term":"Tekno"},{"term":"Tutorial"},{"term":"Webserver"},{"term":"Server"},{"term":"Video"},{"term":"Web Design"},{"term":"Triks"},{"term":"android"},{"term":"smartphones"},{"term":"Graphic Design"},{"term":"vulnerabilities"},{"term":"Music"},{"term":"download"},{"term":"Motion Design"},{"term":"Sports"},{"term":"learn"},{"term":"programing"},{"term":"webprograming"},{"term":"Database"},{"term":"Kali Linux"},{"term":"WebSecurity"},{"term":"distro"},{"term":"virus"},{"term":"Entertainment"},{"term":"Event"},{"term":"Foods"},{"term":"Game"},{"term":"Internet"},{"term":"Komunitas"},{"term":"Movies"},{"term":"Online Tools"},{"term":"People"},{"term":"Title"},{"term":"antivirus"},{"term":"app"},{"term":"blogger"},{"term":"diretas"},{"term":"fedora"},{"term":"internet sehat"},{"term":"malware"},{"term":"pemula"},{"term":"python"},{"term":"ubuntu"},{"term":"wireless"},{"term":"wordpress"},{"term":"Acara Nasional"},{"term":"Aceh"},{"term":"Artikel"},{"term":"City"},{"term":"Domain"},{"term":"Fashion"},{"term":"Google Maps"},{"term":"Print Design"},{"term":"Short"},{"term":"Test"},{"term":"Unik"},{"term":"Update"},{"term":"Url 
Short"},{"term":"acehprov"},{"term":"airfiber"},{"term":"chrome"},{"term":"cloud"},{"term":"data"},{"term":"ddos"},{"term":"debian"},{"term":"facebook"},{"term":"games"},{"term":"google"},{"term":"humas aceh"},{"term":"instagram"},{"term":"instragram"},{"term":"jaringan"},{"term":"materi"},{"term":"mysql"},{"term":"nmap"},{"term":"powerbeam"},{"term":"programer"},{"term":"proxmox"},{"term":"seo"},{"term":"ubiquiti"},{"term":"ubnt"},{"term":"uuite"},{"term":"whatsapp"},{"term":"winbox"},{"term":"wine"}],"title":{"type":"text","$t":"#KomunitasBungker"},"subtitle":{"type":"html","$t":"BUNGKER"},"link":[{"rel":"http://schemas.google.com/g/2005#feed","type":"application/atom+xml","href":"https:\/\/www.bungker.co.id\/feeds\/posts\/default"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/4562681011204589043\/posts\/default\/-\/mysql?alt=json-in-script\u0026max-results=50"},{"rel":"alternate","type":"text/html","href":"https:\/\/www.bungker.co.id\/search\/label\/mysql"},{"rel":"hub","href":"http://pubsubhubbub.appspot.com/"}],"author":[{"name":{"$t":"Bungker Corp"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/14576039512366647631"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"generator":{"version":"7.00","uri":"http://www.blogger.com","$t":"Blogger"},"openSearch$totalResults":{"$t":"1"},"openSearch$startIndex":{"$t":"1"},"openSearch$itemsPerPage":{"$t":"50"},"entry":[{"id":{"$t":"tag:blogger.com,1999:blog-4562681011204589043.post-5408504323571767901"},"published":{"$t":"2016-09-19T03:26:00.001+07:00"},"updated":{"$t":"2016-11-13T05:41:14.005+07:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"mysql"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Technology"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Tekno"}],"title":{"type":"text","$t":" MySQL 0day 
Exploit - Remote Root Code Execution "},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-KSYpUaFyI9Q\/V974YLoHkTI\/AAAAAAAABMw\/4uZr9bitbjQhhFCjHSlGcC1sA_9j4cLygCLcB\/s1600\/user_3383167_f5c775_huge.jpg\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" height=\"320\" src=\"https:\/\/2.bp.blogspot.com\/-KSYpUaFyI9Q\/V974YLoHkTI\/AAAAAAAABMw\/4uZr9bitbjQhhFCjHSlGcC1sA_9j4cLygCLcB\/s320\/user_3383167_f5c775_huge.jpg\" width=\"320\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv style=\"text-align: justify;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv style=\"text-align: justify;\"\u003E\nDawid Golunski dari legalhackers.com menemukan dua celah berbahaya \ntergolong 0day Exploit pada perangkat manajemen database MySQL yang \nmemungkinkan attacker mengambil kontrol penuh atas database yang \nberjalan.\u003C\/div\u003E\n\u003Ca href=\"https:\/\/www.blogger.com\/null\" name=\"more\"\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-bgHUBHLLGH8\/V9tef-wlTxI\/AAAAAAAACEQ\/XvkMawwBxE4L51h_LZAI2HKh8YRN-7r7ACLcB\/s1600\/0day.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" height=\"106\" src=\"https:\/\/1.bp.blogspot.com\/-bgHUBHLLGH8\/V9tef-wlTxI\/AAAAAAAACEQ\/XvkMawwBxE4L51h_LZAI2HKh8YRN-7r7ACLcB\/s320\/0day.png\" width=\"320\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: justify;\"\u003E\nExploit yang dimaksud adalah\u0026nbsp;\u003Cb\u003ECVE-2016-6662\u003C\/b\u003E dan \u003Cb\u003ECVE-2016-6663\u003C\/b\u003E. 
Yang menyerang semua versi MySQL termasuk turunannya yaitu MariaDB dan PerconaDB.\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: justify;\"\u003E\nPerconaDB dan MariaDB sudah merilis patch mereka, namun Oracle belum.\u0026nbsp;\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: justify;\"\u003E\n\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: justify;\"\u003E\n\u003Cb\u003ECVE-2016-6662\u003C\/b\u003E sendiri bekerja dengan menyisipkan pengaturan berbahaya ke dalam file konfigurasi MySQL.\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: justify;\"\u003E\nGolunski juga mengingatkan, meski SELinux atau AppArmor Linux yang \nmerupakan modul kernel security telah terpasang, exploit ini tetap bisa \nmenginfeksi sistem.\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: justify;\"\u003E\nDia juga menjelaskan kerentanan ini disebabkan karena secara default script \nwrapper mysqld_safe dijalankan sebagai root, sedangkan proses utama mysqld \ndijalankan oleh user MySQL.\u003C\/div\u003E\n\u003Cblockquote class=\"tr_bq\" style=\"clear: both; text-align: justify;\"\u003E\n\"If an attacker managed to inject a path to their malicious library \nwithin the config, they would be able to preload an arbitrary library \nand thus execute arbitrary code with root privileges when MySQL service \nis restarted (manually, via a system update, package update, system \nreboot, etc.)\"\u003C\/blockquote\u003E\nGolunski melaporkan 0day exploit untuk Oracle pada 29 Juli dan vendor lainnya yang terkena dampak pada tanggal 29 Juli.\u003Cbr \/\u003E\nSementara Oracle mengakui laporan tersebut sebagai celah, menjadwalkan \nOracle CPU berikutnya untuk 18 Oktober 2016, MariaDB dan PerconaDB sudah\n melakukan patching sebelum akhir Agustus.\u003Cbr \/\u003E\nKarena lebih dari 40 hari telah berlalu dan dua vendor merilis patch \nuntuk memperbaiki masalah, 
Golunski memutuskan untuk mempublikasikan \nexploit 0day yang dia temukan.\u003Cbr \/\u003E\nkalian bisa membaca PoC nya disini :\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/legalhackers.com\/advisories\/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\"\u003E\u003Cspan style=\"font-size: medium;\"\u003EMySQL Exploit Remote Root Code Execution Privesc CVE 2016-6662\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-xwFvw66Tgk8\/V9tiFnH5hFI\/AAAAAAAACEY\/sE3eoBb6Pt8u4efzphjeIXS2Kn2H5i4nQCLcB\/s1600\/0day.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" height=\"158\" src=\"https:\/\/2.bp.blogspot.com\/-xwFvw66Tgk8\/V9tiFnH5hFI\/AAAAAAAACEY\/sE3eoBb6Pt8u4efzphjeIXS2Kn2H5i4nQCLcB\/s320\/0day.png\" width=\"320\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\nDengan belum adanya patch dari pihak Oracle sampai 18 Oktober nanti, \nberarti masih banyak pengguna MySQL yang terkena dampak exploit ini \nsampai sekarang .\u003Cdiv class=\"blogger-post-footer\"\u003Ehttp:\/\/feeds.feedburner.com\/co\/mFdp\u003C\/div\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/www.bungker.co.id\/feeds\/5408504323571767901\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.bungker.co.id\/2016\/09\/mysql-0day-exploit-remote-root-code.html#comment-form","title":"0 
Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/4562681011204589043\/posts\/default\/5408504323571767901"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/4562681011204589043\/posts\/default\/5408504323571767901"},{"rel":"alternate","type":"text/html","href":"https:\/\/www.bungker.co.id\/2016\/09\/mysql-0day-exploit-remote-root-code.html","title":" MySQL 0day Exploit - Remote Root Code Execution "}],"author":[{"name":{"$t":"Bungker Corp"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/14576039512366647631"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-KSYpUaFyI9Q\/V974YLoHkTI\/AAAAAAAABMw\/4uZr9bitbjQhhFCjHSlGcC1sA_9j4cLygCLcB\/s72-c\/user_3383167_f5c775_huge.jpg","height":"72","width":"72"},"thr$total":{"$t":"0"}}]}});