错误 1062 (23000) 中的 sql 注入:重复条目? [英] sql injection in ERROR 1062 (23000): Duplicate entry?
问题描述
我正在尝试了解 mysql 中的这些错误:
I'm trying to understand these bugs in mysql:
https://bugs.mysql.com/bug.php?id=58081
https://bugs.mysql.com/bug.php?id=62755
https://bugs.mysql.com/bug.php?id=60808
所以我在表中创建了一个序列:
so i create a sequences inside table :
mysql> select id from test_injection ;
结果:
+----+
| id |
+----+
| 0 |
| 1 |
| 1 |
| 1 |
| 1 |
| 0 |
+----+
6 rows in set (0.00 sec)
并且我也尝试通过使用 select + agregate 函数和 group by 来解决上面的错误
and i also try to make the bug above , by using select + agregate function with group by
mysql> select count(*),id from test_injection group by id ;
结果:
+----------+----+
| count(*) | id |
+----------+----+
| 2 | 0 |
| 4 | 1 |
+----------+----+
2 rows in set (0.00 sec)
我尝试了很多次,但没有发生错误.
i try alot of times but no bugs happend .
所以我尝试在上面的错误中使用他们的有效载荷:
so i try to use their payload in bug above :
mysql> select count(*),floor(rand(0)*2) from security.users ;
结果:
ERROR 1062 (23000): 键 '' 的重复条目 '1'
ERROR 1062 (23000): Duplicate entry '1' for key ''
那么为什么错误发生在第二个选择中?因为我知道重复错误发生在更新/插入查询中,而不是在 select 中.
so why the error happen in the second select ? as i i know the duplicate error happen in update/insert queries not in select .
推荐答案
我在互联网上搜索了很多可以向我解释这一点的人,我发现这种情况只发生在插入/更新查询中,所以当我们生成一个序列和对它做一个聚合函数,这将把序列插入到临时分组表中,然后做一个聚合函数,所以这会出错.
i search a lot on internet for someone can explain this to me , and i fount this happen only in insert/update queries , so when we generate an sequences and do an aggregate function on it , this will insert the sequences in a temp group by table and then do an aggregate function , so this make the error .
这篇关于错误 1062 (23000) 中的 sql 注入:重复条目?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!