How would I crash a php site?

Discussion in 'OT Technology' started by Franchise, Mar 3, 2005.

  1. Franchise

    I just wrote a test and my teacher said bonus marks if I can crash his database. Any code? My friend got it to crash but not delete or anything.
     
  2. DemisE

  3. Franchise

  4. bleak


    Code:
    ini_set("max_execution_time", "86400");

    $i = 0;

    while ($i == 0) {
        mysql_query("some really huge and obnoxious query");
    }

    Last edited by a moderator: Mar 3, 2005
  5. MrMan

    Look into SQL injection. I assume your teacher purposely left this check out to be able to "crash" it.
     
  6. kingtoad

    And what SQL string would be able to completely crash a server? Because I do not know of any offhand.
     
  7. stillspiraling

    Some disgusting Cartesian join? Or a combination of a few...
     
  8. kingtoad

    MySQL is capable of handling very large queries. Some people could probably send a string large enough to slow down the server, but it would only be for a couple of seconds.

    Btw, SQL injection is irrelevant. It does not even pertain to this subject. Especially if he already has access to the resources. :rolleyes:
     
  9. MrMan

    SQL injection irrelevant? If you are able to modify the database completely (changing a varchar to int, dropping tables), and run your own queries, gain administrator privileges and run commands that can cause complete destruction of a database, or simply shut down the database... that is not relevant to crashing a php site as the title of the topic states, and crashing the database, as written by the original poster?
     
  10. wiredout46

  11. EvilSS

    SELECT * FROM BigAssTable ORDER BY every,single,freaking,field

    works nicely on undersized servers with large databases. Had a customer with an app that would essentially allow the user to do that on a 300 GB financials database. It would take about 10 minutes to complete and bring the database to its knees while it was running.
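
Added example, not part of the original thread: a sort-on-every-field request like the one described above can be bounded on the application side. This PHP example (the `ledger` table, its columns and the `buildOrderLimit` helper are hypothetical) checks sort columns against an allowlist, since identifiers cannot be bound as query parameters, caps the page size, and passes values through a prepared statement.

```php
<?php
// Added example, not code from the thread. Table/column names are hypothetical.
const SORTABLE      = ['posted_on', 'amount']; // indexed columns users may sort by
const MAX_SORT_KEYS = 2;
const MAX_PAGE_SIZE = 100;

// Turn request input such as "amount:desc,posted_on" into a bounded ORDER BY/LIMIT.
// Identifiers cannot be bound as parameters, so they are checked against a list.
function buildOrderLimit(string $sort, int $pageSize): string
{
    $keys = [];
    foreach (explode(',', $sort) as $part) {
        if (trim($part) === '') {
            continue;
        }
        [$col, $dir] = array_pad(explode(':', trim($part), 2), 2, 'asc');
        if (!in_array($col, SORTABLE, true)) {
            throw new InvalidArgumentException('sort column not allowed');
        }
        $keys[$col] = $col . (strtolower($dir) === 'desc' ? ' DESC' : ' ASC');
    }
    if (count($keys) > MAX_SORT_KEYS) {
        throw new InvalidArgumentException('too many sort keys');
    }
    if ($keys === []) {
        $keys = ['posted_on' => 'posted_on DESC']; // default uses an indexed column
    }
    $limit = max(1, min($pageSize, MAX_PAGE_SIZE)); // clamp the requested page size
    return ' ORDER BY ' . implode(', ', $keys) . ' LIMIT ' . $limit;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ledger (id INTEGER PRIMARY KEY, account TEXT, amount INTEGER, posted_on TEXT)');
$db->exec("INSERT INTO ledger (account, amount, posted_on) VALUES
    ('acme', 10, '2005-03-01'), ('acme', 30, '2005-03-02'), ('other', 99, '2005-03-03')");

// Values go through bound parameters; only the vetted ORDER BY text is concatenated.
$stmt = $db->prepare('SELECT id, amount FROM ledger WHERE account = ?' . buildOrderLimit('amount:desc', 5000));
$stmt->execute(['acme']);
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));

try {
    buildOrderLimit('id,account,amount,posted_on', 50); // sort on every field
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

On a production MySQL server the same allowlist is usually paired with a server-side statement time limit, so a slow query is cancelled instead of running to completion.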
     
  12. kingtoad

    Do you have any idea what SQL injection is?
     
  13. MrMan

    Hmm, I assume you only believe SQL injection is used to obtain information/resources?

    http://www.sitepoint.com/article/sql-injection-attacks-safe/3

    Example 1 causes an error.
    Example 2 drops a table.
    Example 3 shuts down the database.


    Here is an article on a recent computer virus that uses SQL injection.

    http://www.zdnet.com.au/news/security/0,2000061744,39178706,00.htm

    "This uses a new vulnerability on MySQL," said Jacques Erasmus, a security consultant for Prevx. "This is a zero-day exploit that infects machines using SQL injections. It is focussed on corporate users not home users. It's spread quite fast. I think as MySQL is popular, it would be wise not have them deployed in front of Web servers. That's fairly common sense, but lots of people don't know that."

    "MySpool, which runs a file called spoolcll.exe, enters MySQL servers through a SQL injection vulnerability, copies itself to the directory: "%systemdrive%\appl\develop\mysql\data\" and gives itself a random eight-character file name. When the programme is run from a remote IRC server, it randomly reassigns ports and starts a Trojan, allowing hackers to access computers and listen to traffic. It then performs an IP scan looking for other computers to infect and begins another process of SQL injections."
    ...

    Do you know what it is?
     
    Last edited: Mar 5, 2005
  14. kingtoad

    Wow, I am very surprised at the effort you made in this post. In case you haven't figured it out yet, this guy already has access to database resources. So, it was a comprehension problem... on your side.
     
  15. EkriirkE

    what=hack["gibson"];
    what("crash");
     
  16. MrMan

    Okay, you obviously have no idea what SQL injection is. In case you haven't figured it out yet, SQL injection is more than obtaining database resources. I even showed you how it can be used to crash databases or a php website, as what the original poster stated, and yet you still claim it is a comprehension problem, or it is irrelevant. The fact that you never even gave a suggestion to answering his post shows you have no understanding of what is being stated. Continue to stay ignorant and naive.
     
    Last edited: Mar 5, 2005
