Re: odd query

From: Kiuhnm Mnhuik <gandalf23_at_mail.com>
Date: Tue, 20 Jan 2015 12:31:00 -0800 (PST)
Message-ID: <83353d66-0d38-4d55-9ca0-e981554c2099_at_googlegroups.com>


On Tuesday, January 20, 2015 at 8:48:34 PM UTC+1, Lennart Jonsson wrote:
> On 01/20/2015 03:14 PM, Kiuhnm Mnhuik wrote:
> > I don't understand how the following query works:
> >
> > SELECT yr, city
> > FROM games
> > WHERE yr = 2004 or 1
> > group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0)
> >
> > It displays
> > Error: Duplicate entry '5.5.38-MariaDB:1' for key 'group_key'
> > so you can read the info you seek: "5.5.38-MariaDB". It's called error-based SQL injection.
> >
> > You can experiment with it here:
> > http://sqlzoo.net/wiki/SELECT_.._WHERE
> >
> > Why do we need "having min(0)"?
> >
>
> The query makes no sense, but if you want to know the version would it
> not be simpler to ask for it directly instead of hiding it in an obscure
> group by clause where it is printed in the error message?
>
> SELECT distinct version()
> FROM games

No, that doesn't work when the web site only displays errors. Anyway, I found out how it works. If you are interested, see my answer here: http://security.stackexchange.com/questions/79569/error-based-sql-injection

Received on Tue Jan 20 2015 - 21:31:00 CET
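
Added example, not part of the original message or thread: a log check a defender could run for the pattern discussed above, flagging responses that expose the 'group_key' duplicate-entry error and requests whose GROUP BY expression contains floor(rand(...)). The record layout (request id, query string, response body), the function names and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Response side: the duplicate-key error quoted in the thread. The pattern
# tolerates angle brackets around the key name.
LEAK_RE = re.compile(r"Duplicate entry '(?P<value>[^']*)' for key '<?group_key>?'")

# Request side: a GROUP BY whose expression calls rand() inside floor().
GROUP_RAND_RE = re.compile(r"group\s+by\b.*floor\s*\(\s*rand\s*\(", re.I | re.S)


def leaked_value(response_body):
    """Return the value exposed by a group_key duplicate error, or None."""
    match = LEAK_RE.search(response_body)
    return match.group("value") if match else None


def suspicious_request(query_string):
    """True if the URL-decoded query string has GROUP BY ... floor(rand(...))."""
    return bool(GROUP_RAND_RE.search(unquote_plus(query_string)))


def scan(records):
    """records: iterable of (request_id, query_string, response_body).
    Returns one finding per record that matches on either side."""
    findings = []
    for request_id, query_string, body in records:
        leak = leaked_value(body)
        hit = suspicious_request(query_string)
        if hit or leak is not None:
            findings.append({"id": request_id, "request_match": hit, "leaked": leak})
    return findings


# Constructed sample records (hypothetical log layout); r2 reuses the query
# and the error text quoted in the thread.
SAMPLE = [
    ("r1", "yr=2004", "<tr><td>2004</td><td>Athens</td></tr>"),
    ("r2", "yr=2004+or+1+group+by+concat_ws(0x3a,version(),"
           "floor(rand(0)*2))+having+min(0)",
     "Error: Duplicate entry '5.5.38-MariaDB:1' for key 'group_key'"),
    ("r3", "yr=2004+group+by+city", "<tr><td>2004</td><td>Athens</td></tr>"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A response-side hit means raw database errors are reaching the client, which is the channel the reply above relies on; returning a generic error page and binding the parameter instead of concatenating it closes it.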