MYSQL updatexml error injection, mysqlupdatexml
First, understand the updatexml () function.
UPDATEXML (XML_document, XPath_string, new_value );
The first parameter: XML_document is in String format and is the name of the XML document object. The parameter is Doc.
The second parameter is XPath_string (a string in the Xpath format). If you do not know the Xpath syntax, you can find the tutorial online.
The third parameter: new_value, String format, replace the searched data that meets the condition
Purpose: change the value of a qualified node in the document.
Change the XPATH_string value in XML_document
Our injection statement is:
Updatexml (1, concat (0x7e, (SELECT @ version), 0x7e), 1)
The concat () function is used to concatenate a string. Therefore, it does not conform to the XPATH_string format, resulting in a format error.
ERROR 1105 (HY000): XPATH syntax error: ': root @ localhost'
XPATH format: http://www.cnblogs.com/Loofah/archive/2012/05/10/2494036.html