MySQL: injected sleep statements cause denial of service, and how to fix it

2012-02-15T00:00:00
ID MYHACK58:62201233118
Type myhack58
Reporter Anonymous
Modified 2012-02-15T00:00:00

Description

When a MySQL injection point exists, a sleep statement can be injected with a very large argument, for example: sleep(9999999999).

If the database uses the MyISAM engine and the injection point is a statement that locks the table (insert, replace, update, delete), then access to the entire table is blocked.

Database read requests from every application that uses this table will be blocked.

If the database uses a master-slave architecture, master-slave synchronization is blocked by the sleep statement, so the slave cannot synchronize data from the master normally. Applications that rely on master-slave synchronization will not work properly.

Even if the injection point is only a read operation, a limited number of requests will quickly reach the database's max_connections limit, resulting in a database denial of service.

Proof of vulnerability:

Injected statement:

update test_inj set xx=1 and sleep(9999999999);

mysql> select * from test_inj;

The request will be blocked until the table-locking statement is killed manually.
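An added example (not part of the original advisory): a Python triage helper that takes rows shaped like SHOW FULL PROCESSLIST output, finds the thread sleeping inside a table-locking statement, lists the threads queued behind it, and reports the remaining headroom against max_connections. The function name, the 5-second threshold, the max_connections value of 151 and the sample rows are assumptions constructed for illustration.

```python
import re

# MySQL thread states: "User sleep" means the thread called SLEEP();
# "Waiting for table level lock" (older servers: "Locked") means the thread
# is queued behind a table lock, such as the one a MyISAM UPDATE holds.
SLEEPING = {"User sleep"}
BLOCKED = {"Waiting for table level lock", "Locked"}
SLEEP_CALL = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.I)
WRITE_STMT = re.compile(r"^\s*(insert|replace|update|delete)\b", re.I)


def triage(rows, max_connections, max_sleep=5.0):
    """rows: dicts with the processlist columns Id, Time, State, Info."""
    blockers, waiting = [], []
    for r in rows:
        info = r.get("Info") or ""  # Info is NULL for idle connections
        m = SLEEP_CALL.search(info)
        if r["State"] in SLEEPING and m and float(m.group(1)) > max_sleep:
            blockers.append({
                "id": r["Id"],
                "sleep_arg": float(m.group(1)),
                # write statements hold the MyISAM table lock while sleeping
                "locks_table": bool(WRITE_STMT.match(info)),
                "kill": f"KILL {int(r['Id'])};",  # for the DBA to review and run
            })
        elif r["State"] in BLOCKED:
            waiting.append(r["Id"])
    return {"blockers": blockers, "waiting": waiting,
            "free_connections": max_connections - len(rows)}


# Constructed sample rows, not captured from a real server.
SAMPLE_ROWS = [
    {"Id": 41, "Time": 312, "State": "User sleep",
     "Info": "update test_inj set xx=1 and sleep(9999999999)"},
    {"Id": 42, "Time": 300, "State": "Waiting for table level lock",
     "Info": "select * from test_inj"},
    {"Id": 43, "Time": 295, "State": "Waiting for table level lock",
     "Info": "select * from test_inj"},
    {"Id": 44, "Time": 0, "State": "User sleep", "Info": "select sleep(1)"},
    {"Id": 45, "Time": 0, "State": "", "Info": None},
]

if __name__ == "__main__":
    report = triage(SAMPLE_ROWS, max_connections=151)  # 151 is an assumed limit
    for b in report["blockers"]:
        print("blocker", b)
    print("waiting", report["waiting"], "free", report["free_connections"])
```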

The consequences of experimenting on a live production system would be more serious, so no real-world examples are posted here. Testers should use a database they have built themselves. Do no harm.

Fix:

Disable MySQL's sleep function, or change its upper limit so that unreasonably long sleeps are rejected. In practice the sleep function is rarely used; even in a scenario that does require sleeping, the sleep can be implemented in the external application.

Author drizzle@the clouds