问题
hi every one i was reading a sans book about blind sql injection
the author of the book mention that if you want to trigger an error in mysql
use this query and inject it in the target
1 and (select 1 from (select count(*),concat(/*your malicious query here*/,floor(rand(0)*2)x from users group by x) a)
and he says (author) that count(*) on a group by "floor(rand(0)*2)" causes a duplicate key in internal table and display the key
My questions: first why he put the x there ?
second what is duplicate key in internal table error and what query causes it other then this one and how count(*) on a group by "floor(rand(0)*2)" causes it to happen
回答1:
x is an alias for the expression floor(rand(0)*2), so it can be references in GROUP BY x.
"duplicate key in an internal table" sounds like a description of a MySQL bug that occurs when it's trying to process this query.
来源:https://stackoverflow.com/questions/48088405/duplicate-key-error-in-mysql-triggered-by-count-on-group-by