UPDATED 21:35 EDT / JANUARY 21 2019

SECURITY

MySQL database management vulnerability opens the door to data theft

A flaw in the highly popular MySQL database management system can allow malicious servers to steal files from clients.

First reported by Security Boulevard Friday and then picked up in more detail today by Bleeping Computer, the design flaw was found in the file transfer interaction between a client host and a MySQL server. The flaw allows an attacker running a malicious MySQL server to get access to any data to which the connected client has read access.

Allegedly that can be leveraged to retrieve sensitive information from an improperly configured web server that allows connections to untrusted servers, or from database management applications. The issue is said to lie with the LOAD DATA statement used with the LOCAL modifier, which the MySQL documentation references as a security risk.
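One way to check a client host for this exposure, as an added example that is not from the original article: the script below parses a MySQL option file and reports whether the client-side `local-infile` option is explicitly enabled or disabled in each client group. The sample file, the function names and the choice of groups to audit are assumptions made for illustration.

```python
import re

# Constructed sample option file (not from a real host).
SAMPLE_MY_CNF = """\
[client]
user = report
local-infile            # bare boolean option means "on"
[mysql]
loose_local_infile = 0  # explicit opt-out for the mysql CLI
[mysqld]
local_infile = 0        # server-side switch; a rogue server ignores it
"""

CLIENT_GROUPS = ("client", "mysql")   # assumed set of groups worth auditing
FALSE_VALUES = {"0", "off", "false"}

def local_infile_state(name, value):
    """True/False if this option line sets local-infile, None otherwise."""
    name = name.lower().replace("_", "-")   # dashes and underscores are equivalent
    if name.startswith("loose-"):
        name = name[len("loose-"):]
    negated = False
    for prefix, neg in (("skip-", True), ("disable-", True), ("enable-", False)):
        if name.startswith(prefix):
            name, negated = name[len(prefix):], neg
            break
    if name != "local-infile":
        return None
    # Unrecognised values count as enabled so the audit errs on the safe side.
    enabled = value is None or value.lower() not in FALSE_VALUES
    return enabled != negated

def audit_option_file(text, groups=CLIENT_GROUPS):
    """Map each audited group to 'enabled', 'disabled' or 'unset'."""
    result = {g: "unset" for g in groups}
    group = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
        elif group in result:
            name, sep, value = line.partition("=")
            state = local_infile_state(name.strip(), value.strip() if sep else None)
            if state is not None:
                result[group] = "enabled" if state else "disabled"  # last one wins
    return result
```

A group reported as `unset` falls back to the client library's built-in default, so an explicit disable is the result to aim for on hosts that connect to servers they do not control.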

In an interesting twist, a discussion on Reddit claims that the same MySQL flaw is how the Magecart hacking group attacks have been so successful. In those attacks, a hacking group inserted code to intercept payment transactions across multiple sites. Known successful Magecart attacks include Newegg Inc., the Infowars Store, Cathay Pacific Airways Ltd., British Airways, Ticketmaster Entertainment Inc. and Oxo International Ltd.

Craig Young, computer security researcher for Tripwire Inc.’s Vulnerability and Exposure Research Team, told SiliconANGLE that although this latest vulnerability may not sound critical, since most users are not easily fooled into connecting to an attacker’s MySQL server, there are in fact many web servers with exposed database management interfaces that allow attacker-initiated connections to arbitrary servers.

“Website administrators must be aware that such pages, even when not linked to other content, may be discovered and abused by attackers,” he said. “Administration tools like Adminer should not be left unprotected in any circumstances.”

Photo: Pixabay
