Re: odd query
Date: Tue, 20 Jan 2015 20:48:31 +0100
Message-ID: <m9mbdi$fpp$1_at_dont-email.me>
On 01/20/2015 03:14 PM, Kiuhnm Mnhuik wrote:
The query makes no sense, but if you want to know the version, would it
not be simpler to ask for it directly instead of hiding it in an obscure
group by clause where it is printed in the error message?
SELECT distinct version()
> I don't understand how the following query works:
>
> SELECT yr, city
> FROM games
> WHERE yr = 2004 or 1
> group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0)
>
> It displays
> Error: Duplicate entry '5.5.38-MariaDB:1' for key 'group_key'
> so you can read the info you seek: "5.5.38-MariaDB". It's called error-based SQL injection.
>
> You can experiment with it here:
> http://sqlzoo.net/wiki/SELECT_.._WHERE
>
> Why do we need "having min(0)"?
>
FROM games
Received on Tue Jan 20 2015 - 20:48:31 CET
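
From the defender's side of the query quoted above, an added example that is not part of the original thread: a Python heuristic that flags logged statements whose GROUP BY clause calls rand(), and error lines reporting a duplicate entry on 'group_key'. The function names and the sample lines are constructed for illustration, apart from the query and error text quoted in the post.

```python
import re

# Duplicate-key error raised on the internal GROUP BY temp table; the key name
# 'group_key' is taken from the error message quoted in the post.
DUP_GROUP_KEY = re.compile(r"Duplicate entry '(?P<entry>.*?)' for key '?group_key'?", re.I)
# Text of a GROUP BY clause, up to HAVING / ORDER BY / LIMIT / end of statement.
GROUP_BY_CLAUSE = re.compile(
    r"\bgroup\s+by\b(.*?)(?=\bhaving\b|\border\s+by\b|\blimit\b|;|$)", re.I | re.S)
RAND_CALL = re.compile(r"\brand\s*\(", re.I)

def normalize(sql):
    """Drop SQL comments and collapse whitespace (heuristic: ignores string literals)."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)   # /* block comments */
    sql = re.sub(r"(--[ \t]|#)[^\n]*", " ", sql)        # -- and # line comments
    return re.sub(r"\s+", " ", sql).strip()

def check_query(sql):
    """True if any GROUP BY clause in the statement calls rand()."""
    clauses = GROUP_BY_CLAUSE.findall(normalize(sql))
    return any(RAND_CALL.search(clause) for clause in clauses)

def check_error(line):
    """Return the value exposed in a group_key duplicate-entry error, else None."""
    match = DUP_GROUP_KEY.search(line)
    return match.group("entry") if match else None

# Query-log and error-log lines; only the second query and the first error
# come from the post, the rest are constructed.
SAMPLE_QUERIES = [
    "SELECT yr, city FROM games WHERE yr = 2004",
    "SELECT yr, city FROM games WHERE yr = 2004 or 1\n"
    "group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0)",
    "SELECT city, count(*) FROM games GROUP BY city ORDER BY rand()",
]
SAMPLE_ERRORS = [
    "Error: Duplicate entry '5.5.38-MariaDB:1' for key 'group_key'",
    "Error: Duplicate entry '42' for key 'PRIMARY'",
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print("SUSPICIOUS" if check_query(q) else "ok        ", normalize(q))
    for e in SAMPLE_ERRORS:
        print(check_error(e), "<-", e)
```

A hit on the error pattern is the stronger signal of the two, since user tables do not normally carry a key named 'group_key'; the query pattern can also match legitimate but unusual reporting queries.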