The Mysql database uses the CONCAT function to execute SQL injection queries _mysql

SQL injection statements sometimes use the substitution query technology, that is, let the original query statements can not find the results of errors, and let the query to build their own execution, and the implementation of the results instead of the original query query results displayed.

For example: The original query statement is

Copy Code code as follows:

Select Username,email,content from test_table where User_id=uid;

Where the UID is entered by the user. The normal display result will appear the user name, the user mailbox, the user message content. However, if the UID filter is lax, we can construct the following SQL statement to obtain any data table information.

Copy Code code as follows:

Uid=-1 Union Select Username, password,content from test_talbe where user_id= administrator id;

The actual implementation is

Copy Code code as follows:

Select Username,email,content from test_table where user_id=-1 Union select username, password,content from Test_talbe whe Re user_id= admin ID;

Where the normal user emai is displayed, it becomes the password to display the administrator.

However, often things are not so simple, the first to find vulnerabilities, and then construct such statements to consider the type of each field, so that the int or samllint type of field display varchar is obviously inappropriate. This is the last thing to say.

If the problem SQL statement has only one or two fields to do, we want to know a lot of things, one or two fields are too few, far from meeting our needs. Then we can use the concat function.

The CONCAT function would have been such a select CONCAT (' My ', ' S ', ' QL '), and the result was ' MySQL '. Which is the connecting effect. We use it to serve us,

Copy Code code as follows:

Uid=-1 Union Select Username, concat (password,sex,address,telephone), content from Test_talbe where user_id= administrator id;

This statement actually inquires six fields, but when displayed, the Password,sex,address,telephone and other fields together, displayed in the original should show the email place.

Better way: Divide the separator between:

Copy Code code as follows:

Uid=-1 Union Select Username, concat (password,0x3a,sex,0x3a,address,0x3a,telephone), content from Test_talbe where user _id= Administrator ID;

Where 0x3a is ":" in the 16 form.