mysql中的sleep()慢查询日志
[英]sleep() in mysql slow query log
问题描述
我以某种方式在mysql中看到慢查询日志文件将sleep()函数注入许多查询。 在项目的源代码中不使用这种功能,在apache访问日志中也不存在...注入是怎么来的?
例:
Count : 64 (0.05%)
Time : 156971.170609 s total, 2452.674541 s avg, 1635.656901 s to 3269.711339 s max (0.00%)
95% of Time : 143892.367342 s total, 2398.206122 s avg, 1635.656901 s to 3269.692319 s max
Lock Time (s) : 13.918 ms total, 217 <B5>s avg, 39 <B5>s to 3.076 ms max (0.00%)
95% of Lock : 6.909 ms total, 115 <B5>s avg, 39 <B5>s to 1.026 ms max
Rows sent : 1 avg, 1 to 1 max (0.00%)
Rows examined : 817 avg, 817 to 817 max (0.00%)
Database :
Users :
hostname and IP address : 100.00% (64) of query, 87.12% (106190) of all users
Query abstract:
SET timestamp=N; SELECT COUNT(*) AS total FROM new_forum_topics WHERE status = N AND forum_id = N AND sleep(N) AND posts_count > N ORDER BY inserted ASC;
Query sample:
SET timestamp=1344768385;
SELECT count(*) as total
FROM `new_forum_topics`
WHERE `status` = 1
AND `forum_id` = 6 and sleep(2)
AND `posts_count` > 0
ORDER BY `inserted` ASC;
但是在代码中查询看起来像
$sql = "SELECT count(*) as total
FROM `new_forum_topics`
WHERE `status` = ".intval($this->STATUS_ACTIVE)."
AND `forum_id` = ".intval($forum_id)."
AND `posts_count` > 0
ORDER BY `inserted` ASC;";
1 个解决方案
解决方案1
0 2012-12-04 07:26:07
您正在运行的应用程序中很可能存在SQL注入漏洞。 没有细节,我们无法确定它是什么。
mysql:慢查询日志:sleep(60)?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.