
SQL注入:mysql数值类型

数值类型分类

#整数类型:
tinyint
smallint
mediumint
int
bigint
#浮点数类型
float
double
decimal

数值越界报错与注入应用

越界插入数据,并查阅warning信息,从而获取其中的字段名称。

 create table number(
    -> col tinyint,
    -> col1 smallint,
    -> col2 mediumint,
    -> col3 int,
    -> col4 bigint,
    -> col5 float(7,2),
    -> col6 double,
    -> col7 decimal(7,2));
#正常插入 
 insert into number values(
    -> 123,
    -> 12345,
    -> 123456,
    -> 1234567,
    -> 123123123,
    -> 123.12,
    -> 123.123,
    -> 123.12);
    
#异常插入
 insert into number values(
    -> 123,
    -> 1234512312313,#非正常(数值越界)
    -> 123456,
    -> 1234567,
    -> 123123123,
    -> 123.12,
    -> 123.123,
    -> 123.12);
#显示报错内容  其中col1为字段名
ERROR 1264 (22003): Out of range value for column 'col1' at row 1

类型转换报错(未显示字段名称)

#将非数字内容插入数字类型字段
 insert into number values(
    -> 1asdas23,
    -> 1234512312313,#非正常
    -> 123456,
    -> 1234567,
    -> 123123123,
    -> 123.12,
    -> 123.123,
    -> 123.12);

#报错如下
ERROR 1054 (42S22): Unknown column '1asdas23' in 'field list'

show warnings;
显示  :  Error | 1054 | Unknown column '1asdas23' in 'field list'

#结论 : 并没有显示字段名称(未加引号的 1asdas23 被解析为列名,因此返回的是 1054 未知列错误,错误信息中不包含目标字段名)
#环境 : MySQL5.7

true与false

mysql> select 1;
+---+
| 1 |
+---+
| 1 |
+---+

mysql> select !1;
+----+
| !1 |
+----+
|  0 |
+----+

mysql> select !!1;
+-----+
| !!1 |
+-----+
|   0 |
+-----+

mysql> select !!!1;
+------+
| !!!1 |
+------+
|    1 |
+------+

mysql> select !!!!1;
+-------+
| !!!!1 |
+-------+
|     1 |
+-------+

mysql> select !!!!!1;
+--------+
| !!!!!1 |
+--------+
|      0 |
+--------+

mysql> select !!!!!!1;
+---------+
| !!!!!!1 |
+---------+
|       0 |
+---------+

mysql> select !!!!!!!1;
+----------+
| !!!!!!!1 |
+----------+
|        1 |
+----------+
mysql> select 0;
+---+
| 0 |
+---+
| 0 |
+---+

mysql> select !0;
+----+
| !0 |
+----+
|  1 |
+----+

mysql> select !!0;
+-----+
| !!0 |
+-----+
|   1 |
+-----+

mysql> select !!!0;
+------+
| !!!0 |
+------+
|    0 |
+------+

以 0 为起点时,各步结果与上面以 1 为起点的情况正好相反

结论:连续出现多个‘!’时,每两个‘!’会被当作一个‘!’来处理

正负号

#负负为正,正号无影响
mysql> select ----++++++2;
+-------------+
| ----++++++2 |
+-------------+
|           2 |
+-------------+
1.简单组合全集逻辑:
or --+2=- -!!!2 
Or 1=1
2.简单组合空集逻辑
  and !!!2=~2
  and 1=2

使用--!!!的目标是规避空格的检查,甚至可替换为空格占位

#注意  二者在数值上是不相等的,但是sql中等号比较的是左右两边是否为true或false
mysql> select --+2
;
+------+
| --+2 |
+------+
|    2 |
+------+

mysql> select --!!!2;
+--------+
| --!!!2 |
+--------+
|      1 |
+--------+