Home > Developer > MySQL

Thoughts on a CTF question-MySQL features (continued), ctf-mysql

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Thoughts on a CTF question-MySQL features (continued), ctf-mysql

0x00 background

These two days are very difficult. However, the problem mentioned in the previous article is summarized.

Portal: question point 0x02 (4)

 

0x01 Testing Process

(1) test environment: the following test table is created,

Mysql> select * from test;
+ --------- + ------- + ------------------------------------------- +
| User_id | user | password |
+ --------- + ------- + ------------------------------------------- +
| 1 | admin | 5f4dcc3b5aa765d61d8327deb882cf99 |
| 2 | ADMIN | 5f4dcc3b5aa765d61d8327deb882cf99 |
+ --------- + ------- + ------------------------------------------- +
2 rows in set

(2) Key Points of the test process: it mainly tests whether the MySQL Case is a strong match, under which conditions is a strong match, and how to make MySQL perform a strong match on the case.

  • If no table is selected, the test finds that uppercase and lowercase letters are not strongly matched if no encoding is performed (the encoding is in char or hexadecimal format.

Mysql> select 'abc' like 'a % ';
+ ----------------- +
| 'Abc' like 'a % '|
+ ----------------- +
| 1 |
+ ----------------- +
1 row in set

Mysql> select 'abc' like 'a % ';
+ ----------------- +
| 'Abc' like 'a % '|
+ ----------------- +
| 1 |
+ ----------------- +
1 row in set

 

  • If no table is selected, the case is strongly matched after encoding in char or hexadecimal format.

Mysql> select 'abc' like char (97,37); # small
+ ------------------------ +
| 'Abc' like char (97,37) |
+ ------------------------ +
| 0 |
+ ------------------------ +
1 row in set

Mysql> select 'abc' like char (); # large
+ ------------------------ +
| 'Abc' like char (65,37) |
+ ------------------------ +
| 1 |
+ ------------------------ +
1 row in set

Mysql> select 'abc' like 0x6125; # small
+ ------------------- +
| 'Abc' like 0x6125 |
+ ------------------- +
| 0 |
+ ------------------- +
1 row in set

Mysql> select 'abc' like 0x4125; # large
+ ------------------- +
| 'Abc' like 0x4125 |
+ ------------------- +
| 1 |
+ ------------------- +
1 row in set

 

  • If you do not select a table, you can use binary to perform a strong matching On The Case sensitivity. Alternatively, you can use hex.

Mysql> select 'abc' like binary 'a % ';
+ ------------------------ +
| 'Abc' like binary 'a % '|
+ ------------------------ +
| 0 |
+ ------------------------ +
1 row in set

Mysql> select 'abc' like binary 'a % ';
+ ------------------------ +
| 'Abc' like binary 'a % '|
+ ------------------------ +
| 1 |
+ ------------------------ +
1 row in set

 

The following is a regular regexp method, which is similar to like.

  • If no table is selected, the test finds that the encoding is not performed and the case is not strongly matched.

Mysql> select 'abc' regexp '^ ';
+ ------------------- +
| 'Abc' regexp '^ a' |
+ ------------------- +
| 1 |
+ ------------------- +
1 row in set
Mysql> select 'abc' regexp '^ ';
+ ------------------- +
| 'Abc' regexp '^ a' |
+ ------------------- +
| 1 |
+ ------------------- +
1 row in set

 

  • Test without selecting a table. After encoding, The Case sensitivity is strongly matched.

Mysql> select 'abc' regexp char (94,97); # small
+ -------------------------- +
| 'Abc' regexp char (94,97) |
+ -------------------------- +
| 0 |
+ -------------------------- +
1 row in set

Mysql> select 'abc' regexp char (); # large
+ -------------------------- +
| 'Abc' regexp char (94,65) |
+ -------------------------- +
| 1 |
+ -------------------------- +
1 row in set

Mysql> select 'abc' regexp 0x5E61; # small
+ --------------------- +
| 'Abc' regexp 0x5E61 |
+ --------------------- +
| 0 |
+ --------------------- +
1 row in set
Mysql> select 'abc' regexp 0x5E41; # large
+ --------------------- +
| 'Abc' regexp 0x5E41 |
+ --------------------- +
| 1 |
+ --------------------- +
1 row in set

 

  • If no table is selected, you can use binary to perform strong matching On The Case sensitivity.

Mysql> select 'abc' regexp binary '^ ';
+ -------------------------- +
| 'Abc' regexp binary '^ a' |
+ -------------------------- +
| 0 |
+ -------------------------- +
1 row in set

Mysql> select 'abc' regexp binary '^ ';
+ -------------------------- +
| 'Abc' regexp binary '^ a' |
+ -------------------------- +
| 1 |
+ -------------------------- +

Test results when selecting a table or using database functions such as user () and database:

  • When querying field data in a table, no matter whether the data is encoded or not, the case sensitivity is not strong.

Mysql> select * from test where user like 'a % ';
+ --------- + ------- + ----------------------------------------- +
| User_id | user | password |
+ --------- + ------- + ----------------------------------------- +
| 1 | admin | 5f4dcc3b5aa765d61d8327deb882cf99 |
| 2 | ADMIN | 5f4dcc3b5aa765d61d8327deb882cf99 |
+ --------- + ------- + ----------------------------------------- +
2 rows in set

Mysql> select * from test where user like char (65,37 );
+ --------- + ------- + ----------------------------------------- +
| User_id | user | password |
+ --------- + ------- + ----------------------------------------- +
| 1 | admin | 5f4dcc3b5aa765d61d8327deb882cf99 |
| 2 | ADMIN | 5f4dcc3b5aa765d61d8327deb882cf99 |
+ --------- + ------- + ----------------------------------------- +
2 rows in set

Mysql> select * from test where user regexp '^ ';
+ --------- + ------- + ----------------------------------------- +
| User_id | user | password |
+ --------- + ------- + ----------------------------------------- +
| 1 | admin | 5f4dcc3b5aa765d61d8327deb882cf99 |
| 2 | ADMIN | 5f4dcc3b5aa765d61d8327deb882cf99 |
+ --------- + ------- + ----------------------------------------- +
2 rows in set

Mysql> select * from test where user regexp 0x5E61;
+ --------- + ------- + ----------------------------------------- +
| User_id | user | password |
+ --------- + ------- + ----------------------------------------- +
| 1 | admin | 5f4dcc3b5aa765d61d8327deb882cf99 |
| 2 | ADMIN | 5f4dcc3b5aa765d61d8327deb882cf99 |
+ --------- + ------- + ----------------------------------------- +
2 rows in set

Mysql> select * from test where user regexp binary 0x5E41;
+ --------- + ------- + ------------------------------------------------ +
| User_id | user | password |
+ --------- + ------- + ------------------------------------------------ +
| 2 | ADMIN | 5f4dcc3b5aa765d61d8327deb882cf99 |
+ --------- + ------- + ------------------------------------------------ +
1 row in set


0x02 test conclusion

MYSQL is case-insensitive. To match the case, you can use binary, or use the two-step 16-in-one format in http://www.cnblogs.com/z3roto0ne/p/6883132.html. Perform case-sensitive matching.

0x03 ANOTHER METHOD

The case sensitivity can also be achieved by mixing the hexadecimal and hexadecimal values, because the hexadecimal values are different.

Mysql> select conv (hex (substr (user );
+ --------------------------------------- +
| Conv (hex (substr (user (),),) |
+ --------------------------------------- +
| 1, 8245931987826405219 |
+ --------------------------------------- +
1 row in set

Mysql> select unhex (conv (8245931987826405219), 10, 16 ));
+ ---------------------------------------------------- +
| Unhex (conv (8245931987826405219), 10, 16) |
+ ---------------------------------------------------- +
| Root @ loc |
+ ---------------------------------------------------- +
1 row in set

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
features of mysql database mysql features comparison features of mysql server features of mysql a e channel on dish using mysql on windows free books on mysql
Related Article
MySQL Case statement (with instance)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More