In this post, we’ll cover Percona’s thoughts about the current MySQL community discussion happening around MySQL LOCAL INFILE security issues.
This post is released given the already public discussion of this particular issue, with the exploitation code currently redacted to ensure forks of MySQL client libraries have sufficient time to implement their response strategies.
This post has been updated to now include previously redacted content, in line with responsible disclosure sufficient time has passed to allow forks to update and get those updates out for circulation.
Background
MySQL’s
LOCAL INFILE
feature is fully documented by Oracle MySQL, and there is a legitimate use for the
LOCAL INFILE
feature to upload data to a …
[Read more]