# MySQL Fake Server When the JDBC URL is controllable, a special MySQL server can read any file or perform deserialization operations on the JDBC client. The MySQL protocol is partially implemented entirely using Java, with built-in common ysoserial chains, one-click launch, and automatic generation of usable payloads for testing. Refer to the MySQL\_Fake\_Server project, the payload is transmitted from the user parameter. The deserialization operation should start with deser\_, and the rule is deser\_\[gadget]*\[cmd]. The file reading should start with fileread*, and the rule is fileread\_\[name]. Due to the existence of special characters in some file names or commands, it is possible to use the base64 transmission method, which is based on the original user and followed by base64 after base64, such as user=deser\_CB\_calc.exe is equal to user=base64ZGVzZXJfQ0JfY2FsYy5leGU=. By default, the files are saved in the directory named after the current timestamp under the fake-server-files directory in the current directory (the directory is automatically created). Download {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://baric6.gitbook.io/barics-knowledge-base/development/databases/mysql-fake-server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.