Reference article: https://www.leavesongs.com/PENETRATION/mysql-charset-trick.html
https://www.leavesongs.com/PENETRATION/Mini-XCTF-Writeup.html
It is recommended to read the two articles above first.
Following the test done by the author of those articles, I checked whether MySQL 8.0 also has this problem.
MySQL 8.0 defaults to utf8mb4, but there are always databases set to gbk, so the same encoding problem may well exist there too.
<?php
// Probe which single trailing byte, appended to a valid sno, still matches
// that sno even after mysqli_real_escape_string().
define('DBHOST', '127.0.0.1');
define('DBUSER', 'root');
define('DBPW', 'password');
define('DBNAME', 'stu');
define('DBPORT', '3306');
$link = @mysqli_connect(DBHOST, DBUSER, DBPW, DBNAME, DBPORT);
for ($i = 0; $i < 256; $i++) {
    $c = chr($i);
    // escape using the connection charset, then append the byte to a known sno
    $name = @mysqli_real_escape_string($link, '201215121' . $c);
    $sql = "SELECT * FROM `s` WHERE `sno` = '{$name}'";
    $result = @mysqli_query($link, $sql);
    // a failed query returns false; fetching from it would be a fatal TypeError in PHP 8
    $row = $result ? @mysqli_fetch_array($result, MYSQLI_NUM) : null;
    // a row came back: the server treated '201215121' . $c as equal to '201215121'
    if ($row && $row[0] == '201215121') {
        echo "$i";
        echo "{$c} <br/>";
    }
}
If $c prints as garbled output, use echo utf8_encode($c); instead.
Here is the ASCII table 0-256 with all control characters: https://blog.csdn.net/ttmice/article/details/50978054
MySQL 8.0 basically has the same problem, and it also exists with other encodings, so each encoding needs to be tested separately.
Tip: during testing I found that no matter how many spaces are appended, the query still matches; I guess the SQL query automatically strips spaces, but not other whitespace.
Test code:
<?php
// Test harness for the trailing-whitespace behaviour: `name` is taken from the
// query string and interpolated unescaped on purpose, so that whatever bytes are
// appended reach the server unchanged.
define('DBHOST', '127.0.0.1');
define('DBUSER', 'root');
define('DBPW', 'password');
define('DBNAME', 'stu');
define('DBPORT', '3306');
$link = @mysqli_connect(DBHOST, DBUSER, DBPW, DBNAME, DBPORT);
$name = @$_GET['name'];
$sql = "SELECT * FROM `s` WHERE `sno` = '{$name}'";
$result = @mysqli_query($link, $sql);
$row = $result ? @mysqli_fetch_array($result, MYSQLI_NUM) : null;
// prints the matched sno, or nothing when no row matched
echo $row ? $row[0] : '';
?>
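Added example, not code from the original post: a lookup that rejects the trailing-byte matches probed above. It binds the value as a parameter, compares as binary strings (MySQL's PAD SPACE collations ignore trailing spaces in `sno = '...'`, a binary comparison does not) and then strictly compares the fetched value with the input. It assumes the same stu.s table and credentials as the scripts above, a character-type sno column, and PHP's mysqlnd driver for get_result().

```php
<?php
// Added example (not from the original post). Assumes the same stu.s table,
// credentials and a character-type `sno` column as the scripts above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
define('DBHOST', '127.0.0.1');
define('DBUSER', 'root');
define('DBPW', 'password');
define('DBNAME', 'stu');
define('DBPORT', '3306');
// Return the row only if the stored sno is byte-identical to $sno.
function lookup_exact(mysqli $link, string $sno): ?array
{
    // Parameter binding: the value never passes through the SQL parser, so
    // escaping and the connection charset no longer shape the query.
    // CAST(... AS BINARY): byte-by-byte comparison. A PAD SPACE collation
    // ignores trailing spaces in `sno` = '...', a binary comparison does not.
    $stmt = $link->prepare(
        'SELECT `sno` FROM `s` WHERE CAST(`sno` AS BINARY) = CAST(? AS BINARY)'
    );
    $stmt->bind_param('s', $sno);
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        // e.g. the server rejected a byte that is invalid in the connection
        // charset: treat it as "no match" rather than a lookup error
        $stmt->close();
        return null;
    }
    $row = $stmt->get_result()->fetch_assoc(); // needs mysqlnd
    $stmt->close();
    // Strict comparison catches a row that matched only because the server
    // dropped or padded bytes while converting the value.
    if ($row === null || $row['sno'] !== $sno) {
        return null;
    }
    return $row;
}
$link = mysqli_connect(DBHOST, DBUSER, DBPW, DBNAME, DBPORT);
mysqli_set_charset($link, 'utf8mb4');
// Re-run the 0-255 probe from the first script against the hardened lookup:
// no trailing byte should produce a match any more.
$matches = [];
for ($i = 0; $i < 256; $i++) {
    if (lookup_exact($link, '201215121' . chr($i)) !== null) {
        $matches[] = $i;
    }
}
echo 'trailing bytes still matching: ' . ($matches ? implode(',', $matches) : 'none') . "\n";
```

The CAST on the column side prevents MySQL from using an index on sno, so on a large table narrow the query by another indexed column first and keep the strict PHP comparison as the final check.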