MySQL 5.0.12 Exploit


The exploit works by tricking mysql_real_escape_string() into treating a quote (') as part of a multi-byte character and therefore not escaping it, which lets the attacker close a SQL query prematurely and inject their own commands.
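The mismatch described above, modelled in Python as an added example (not code from the original page, MySQL or PHP): the byte-wise escaper and the GBK-aware scanner are simplified stand-ins, GBK is an assumed connection character set, and the sample inputs are constructed. It can be used as a check for input that a charset-unaware escaper would leave with a live quote.

```python
# Added illustration: a simplified model, not MySQL's or PHP's code.
ESCAPES = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
           0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\"}


def escape_bytewise(data: bytes) -> bytes:
    """Escape as if every byte were one character (charset-unaware)."""
    return b"".join(ESCAPES.get(b, bytes([b])) for b in data)


def is_gbk_pair(buf: bytes, i: int) -> bool:
    """True if buf[i:i+2] is a two-byte GBK character (lead + trail)."""
    if i + 1 >= len(buf) or not 0x81 <= buf[i] <= 0xFE:
        return False
    return 0x40 <= buf[i + 1] <= 0xFE and buf[i + 1] != 0x7F


def has_unescaped_quote(escaped: bytes, multibyte: bool) -> bool:
    """Scan a string-literal body the way a parser would and report
    whether a quote is reached that no backslash protects."""
    i = 0
    while i < len(escaped):
        if multibyte and is_gbk_pair(escaped, i):
            i += 2          # one GBK character; its trail may be 0x5C
        elif escaped[i] == 0x5C:
            i += 2          # backslash consumes the byte after it
        elif escaped[i] == 0x27:
            return True     # bare quote: the literal would end here
        else:
            i += 1
    return False


def quote_survives(data: bytes) -> bool:
    """Detection check: byte-wise escaping followed by GBK parsing."""
    return has_unescaped_quote(escape_bytewise(data), multibyte=True)


if __name__ == "__main__":
    samples = [b"O'Brien", "\u4e2d'".encode("gbk"), b"\xbf'"]  # constructed
    for s in samples:
        esc = escape_bytewise(s)
        print(s, esc, "single-byte:", has_unescaped_quote(esc, False),
              "gbk:", has_unescaped_quote(esc, True))
```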

The single most effective defense is to upgrade to a supported MySQL release (such as 8.0 or recent 5.7 builds). The older 5.0.x branch has been end-of-life (EOL) for years and no longer receives security patches. Oracle's lifecycle policy states that only subscribers receive extended support for MySQL 5.0. There is no justification for running EOL software.