Theoretical Basis
Assume a MySQL injection exists. If the injected statement is a sleep with a large enough argument, for example sleep(9999999999), and the database uses the MyISAM engine and the injection point is in a statement that locks the table (INSERT, REPLACE, UPDATE, DELETE), access to the entire table is blocked. Read requests from every application that uses this table are blocked too (source: international hackers).
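On the defensive side, this condition is visible in SHOW FULL PROCESSLIST: one long-running write statement containing a delay call, with readers queued behind it on a table-level lock. The following detection sketch is an added example, not part of the original article; the row dictionaries, the schema and table names, and the 30-second threshold are constructed assumptions.

```python
import re

# Delay primitives named on this page, as they appear in a statement's text.
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# Statements that take a table-level write lock on MyISAM.
WRITE_STMT = re.compile(r"^\s*(insert|replace|update|delete)\b", re.IGNORECASE)
# States of sessions queued behind a table lock ("Locked" on older servers).
BLOCKED_STATES = {"Waiting for table level lock", "Locked"}


def find_lock_stalls(rows, min_seconds=30):
    """Return (culprits, victims) from SHOW FULL PROCESSLIST rows.

    culprits: long-running write statements that contain a delay call.
    victims:  sessions in the same schema waiting on a table-level lock.
    """
    culprits = [
        r for r in rows
        if r["Command"] == "Query"
        and r["Time"] >= min_seconds
        and WRITE_STMT.search(r["Info"] or "")
        and DELAY_CALL.search(r["Info"] or "")
    ]
    stalled_dbs = {r["db"] for r in culprits}
    victims = [
        r for r in rows
        if r["State"] in BLOCKED_STATES and r["db"] in stalled_dbs
    ]
    return culprits, victims


# Constructed sample rows (not captured from a real server).
SAMPLE = [
    {"Id": 11, "db": "forum", "Command": "Query", "Time": 412, "State": "User sleep",
     "Info": "UPDATE members SET sig='x' WHERE uid=7 AND sleep(9999999999)"},
    {"Id": 12, "db": "forum", "Command": "Query", "Time": 398,
     "State": "Waiting for table level lock", "Info": "SELECT * FROM members WHERE uid=3"},
    {"Id": 13, "db": "forum", "Command": "Query", "Time": 120,
     "State": "Waiting for table level lock", "Info": "SELECT name FROM members"},
    {"Id": 14, "db": "shop", "Command": "Sleep", "Time": 900, "State": "", "Info": None},
    {"Id": 15, "db": "shop", "Command": "Query", "Time": 2, "State": "Sending data",
     "Info": "SELECT sleep_hours FROM staff"},
]

if __name__ == "__main__":
    culprits, victims = find_lock_stalls(SAMPLE)
    for c in culprits:
        print(f"stalling write: id={c['Id']} db={c['db']} time={c['Time']}s -> KILL {c['Id']};")
    print("blocked readers:", [v["Id"] for v in victims])
```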
Search for Injection
There is a dz (Discuz) site that I had not been able to take for a long time, so I use it as the demo. Look up the other sites on the same server with Google:
site:av.com inurl:*.php?
Soon I found an injection point with sqlmap.
Error-based injection; --sql-shell: sqlmap's SQL operation mode.
Stress Testing
Execute the delay statement.
select benchmark(99999999999, 0x701_f62616e646f701_f62616e646f701_f62616e646f)
It worked: www.av.com could no longer be opened, and several MySQL-backed sites on the same server were affected as well. There were several injection points at the same time.
The MySQL server seems to have gone down, along with the MySQL-driven sites on the same server. A few uncensored screenshots:
Dedecms
Now let's look at the tragic Discuz.