Pwnie Awards 2017

The 2012 Pwnie Award For Best Server-Side Bug


Sergei Golubchik

On vulnerable versions of MySQL simply asking to authenticate repeatedly enough times is enough to bypass authentication: “Can I log in as root now?” “How about now?” “Now?”

For actual details, check out Pwnie Judge extraordinaire HD Moore’s blog post.