我正在学习一个用PHP编写的Web应用程序的教程,将输入中的空格列为黑名单('id'参数)。任务是添加其他字符,这些字符基本上绕过了这个黑名单,但仍然被后端的MySQL数据库解释。考虑到nbsp字符未列入黑名单,我构建了一个类似于此的网址 - http://192.168.2.15/sqli-labs/Less-26/?id=1'%C2%A0||%C2A0'1
,其中C2A0
是nbsp字符的UTF-8表示形式。但是这会引发MySQL错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' || '1' LIMIT 0,1' at line 1
我将数据库上运行的SQL查询字符串反映回页面
SELECT * FROM users WHERE id='1' || '1' LIMIT 0,1
这个查询对我来说似乎没问题,它不应该抛出错误。我怀疑它可能与字符集有关。但是我对MySQL中字符集的理解非常有限,以及在什么情况下应用了字符集。
我在运行show variables like 'char%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | gbk |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | latin1 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
答案 0 :(得分:1)
MySQL 语法无法识别utf8 C2A0
在此测试中,请注意常规空间(20
)和NO-BREAK SPACE
(C2A0
):
mysql> select UNHEX('53454C45435420313B'), UNHEX('53454C454354C2A0323B');
+-----------------------------+-------------------------------+
| UNHEX('53454C45435420313B') | UNHEX('53454C454354C2A0323B') |
+-----------------------------+-------------------------------+
| SELECT 1; | SELECT 2; |
+-----------------------------+-------------------------------+
1 row in set (0.00 sec)
然后我复制了这两个陈述:
mysql> SELECT 1;
+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.00 sec)
mysql> SELECT 2;
ERROR 1064 (42000): You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version
for the right syntax to use near 'SELECT 2' at line 1