[Translation] about how to improve mysql blind injection efficiency through 8-bit ascii right displacement

In this way, we only need to perform eight select statements to determine the first or nth bit of a key value. The following uses the first user () in the mysql database as an example: ps: Second, the third digit, and so on, select substr (user (),) mysql> select substr (user (),), first execute the following SQL statement: www.2cto.com mysql> select (ascii (substr (),)> 7) = 0 () the first digit is the right offset seven times, that is, the first digit of the ascii offset to 8 bits and performs operations with 0. If the calculation result is 0, the first digit is not 0, if the calculation result is 1, the first digit is 0, not 1 + ------------- + | (ascii (substr (),)> 7) = 0 | + ------------- + | 1 | + ------------- + 1 row in set (0.00 sec) in this way, we will determine that the first ascii value of this 8bit is 0. The second time, we will make 6 right offsets to determine that the first two digits of the first two may be 01 or 00, that is, we can still compare them with 0, mysql> select (ascii (substr (user (),)> 6) = 0; + ------------- + | (ascii (substr (user (), (0.00)> 6) = 0 | + ------------- + | 0 | + ------------- + 1 row in set (sec) results in 0, that is, the second digit is 1. Start to guess that the first three digits are 010 or 011. Let's look at the ascii code of 010 and 011 and query the select B '011' select B '010' respectively to obtain the result 010 = 2 011 = 3 run the following SQL: mysql> select (ascii (substr (user (),)> 5) = 2; + ------------- + | (ascii (substr (user (), ()> 5) = 2 | + ------------- + | 0 | + ------------- + that is, the first three digits are not 010, but 011 until the final result of the last digit is: 01110010 convert: select B '100' query result + ----- + | B' 100' | + ----- + | r | + ----- + 1 row in set (01110010 sec) in this way, we get the first user. other places and so on