Mysql 条件等号的异常

mysql 网络安全 转载 sql注入
转载验证
Publish Date:   2017-03-10

  1. 字符型和数字型 MySQL的等号同PHP一样,对等号两端不同的数据类型都有强制类型转换

    mysql> select * from login_log where '1' = 1;
+----+-----+------+------------+---------------------+-----------+
| id | uid | fr   | login_date | login_time          | login_ip  |
+----+-----+------+------------+---------------------+-----------+
| 27 |   1 | html | 2015-05-29 | 2015-05-29 11:34:36 | 127.0.0.1 |
| 26 |   1 | html | 2015-05-28 | 2015-05-28 08:35:29 | 127.0.0.1 |
+----+-----+------+------------+---------------------+-----------+
2 rows in set (0.00 sec)

mysql> select * from login_log where '1d' = 1;
+----+-----+------+------------+---------------------+-----------+
| id | uid | fr   | login_date | login_time          | login_ip  |
+----+-----+------+------------+---------------------+-----------+
| 27 |   1 | html | 2015-05-29 | 2015-05-29 11:34:36 | 127.0.0.1 |
| 26 |   1 | html | 2015-05-28 | 2015-05-28 08:35:29 | 127.0.0.1 |
+----+-----+------+------------+---------------------+-----------+
2 rows in set, 1 warning (0.00 sec)


mysql> select * from login_log where 0.999999999999999999999999999999=1;
Empty set (0.00 sec)

mysql>
```

  1. 尾空格 MySQL等号对字符串尾部的空格做忽视的处理

    mysql> select * from login_log where fr="html    ";
+----+-----+------+------------+---------------------+-----------+
| id | uid | fr   | login_date | login_time          | login_ip  |
+----+-----+------+------------+---------------------+-----------+
| 27 |   1 | html | 2015-05-29 | 2015-05-29 11:34:36 | 127.0.0.1 |
| 26 |   1 | html | 2015-05-28 | 2015-05-28 08:35:29 | 127.0.0.1 |
+----+-----+------+------------+---------------------+-----------+
2 rows in set (0.00 sec)

  2. unicode字符集 MySQL的等号认为某些相似字符也是相等的

    mysql> select * from login_log where fr='ħtml';
Empty set (0.00 sec)

mysql> select * from login_log where fr='ĥtml';
+----+-----+------+------------+---------------------+-----------+
| id | uid | fr   | login_date | login_time          | login_ip  |
+----+-----+------+------------+---------------------+-----------+
| 27 |   1 | html | 2015-05-29 | 2015-05-29 11:34:36 | 127.0.0.1 |
| 26 |   1 | html | 2015-05-28 | 2015-05-28 08:35:29 | 127.0.0.1 |
+----+-----+------+------------+---------------------+-----------+
2 rows in set (0.00 sec)

mysql>

  3. 新型万能密码

    mysql> select * from login_log where fr='abc'='';
+----+-----+------+------------+---------------------+-----------+
| id | uid | fr   | login_date | login_time          | login_ip  |
+----+-----+------+------------+---------------------+-----------+
| 27 |   1 | html | 2015-05-29 | 2015-05-29 11:34:36 | 127.0.0.1 |
| 26 |   1 | html | 2015-05-28 | 2015-05-28 08:35:29 | 127.0.0.1 |
+----+-----+------+------------+---------------------+-----------+
2 rows in set (0.00 sec)

mysql>

本文为验证. 原文地址: http://www.wupco.cn/?p=93

Author: Itaken
Link: https://itaken.github.io/2017/3/10/Mysql%E6%9D%A1%E4%BB%B6%E7%AD%89%E5%8F%B7%E7%9A%84%E5%BC%82%E5%B8%B8/
Reprint policy: All articles in this blog are used except for special statements CC BY 4.0 reprint polocy. If reproduced, please indicate source Itaken !
mysql 网络安全 转载 sql注入
  TOC目录