Port 33060 – MYSQLX (MySQL X Protocol)

Why It’s Open

Port 33060 is used by MySQL X Protocol, a modern high-performance protocol introduced in MySQL 5.7.12. It enables document store functionality, allowing MySQL to handle both relational and NoSQL document-based operations. This port supports both SQL and CRUD operations with enhanced performance.

Common Risks

• Database enumeration
  Unauthorized access to MySQL schemas and data
• Credential attacks
  Brute force against MySQL user accounts
• NoSQL injection
  Document store queries vulnerable to injection attacks
• Data exfiltration
  Sensitive database information exposure
• Privilege escalation
  MySQL admin access can lead to system compromise
• Performance degradation
  Resource-intensive queries causing DoS

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

Book a Demo

Enumeration & Testing

Service Detection:

nmap -sV -p 33060

MySQL X Protocol Test:

mysqlsh --uri=root@:33060

Document Store Test:

mysqlsh --sql -u root -h  -P 33060

What to Look For

Mitigation

• Strong authentication
  Use complex passwords and certificate-based auth
• Network restrictions
  Limit access to trusted IP addresses only
• SSL/TLS encryption
  Enable encrypted connections for all traffic
• Regular updates
  Keep MySQL server updated with security patches
• Query monitoring
  Log and analyze database queries for anomalies
• Privilege management
  Implement least-privilege access controls

TL;DR

• Port 33060 = MySQL X Protocol document store
• Modern MySQL interface with enhanced capabilities
• Requires strong security due to database access
• Monitor for unauthorized database access attempts

Known CVEs and Exploits

• CVE-2021-2356 – MySQL X Plugin information disclosure vulnerability
• CVE-2020-2922 – MySQL X Protocol authentication bypass vulnerability
• CVE-2019-2910 – MySQL X Plugin denial of service vulnerability
• CVE-2022-21412 – MySQL X Protocol remote code execution vulnerability