First, understand the updatexml() function:

UPDATEXML(XML_document, XPath_string, new_value);

First parameter: XML_document, in String format, is the name of the XML document object (Doc in this article).
Second parameter: XPath_string, a string in XPath format. If you don't know XPath syntax, you can find a tutorial online.
Third parameter: new_value, in String format, replaces the data found that meets the conditions.

Function: changes the value of the nodes in XML_document that match XPath_string.

Our injection statement is:

updatexml(1,concat(0x7e,(SELECT @@version),0x7e),1)

The concat() function joins its arguments into a single string. That string does not conform to the XPath_string format, so MySQL raises a format error that quotes the offending string, in this form:

ERROR 1105 (HY000): XPATH syntax error: ':root@localhost'

Summary of XPath syntax format: https://www.jb51.net/article/125607.htm
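For the defender's side of the error shown above, here is an added example (not code from the original article) that flags request parameters carrying an updatexml() call with a computed XPath argument and redacts the leaked XPATH error text from a response body. The function names and the sample inputs are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# updatexml( ... ) followed by concat( or a subquery: the shape of the statement
# discussed above. A call with a plain literal XPath argument does not match.
UPDATEXML_CALL = re.compile(
    r"updatexml\s*\((?=[^;]*?(?:concat\s*\(|select\b))", re.IGNORECASE)
# MySQL error 1105 text that echoes the rejected XPath string back to the caller.
XPATH_ERROR = re.compile(r"XPATH syntax error: '(?:[^'\\]|\\.)*'")


def normalize(value: str) -> str:
    """URL-decode twice (covers double encoding) and strip /* */ comments."""
    decoded = unquote_plus(unquote_plus(value))
    return re.sub(r"/\*.*?\*/", "", decoded, flags=re.DOTALL)


def is_suspicious(param_value: str) -> bool:
    """True when a parameter carries updatexml() with a computed XPath argument."""
    return bool(UPDATEXML_CALL.search(normalize(param_value)))


def redact_db_error(body: str) -> str:
    """Replace leaked XPATH error text before a response leaves the application."""
    return XPATH_ERROR.sub("XPATH syntax error: [redacted]", body)


# Constructed sample inputs (not captured traffic).
SAMPLES = [
    "42",
    "updatexml(1,concat(0x7e,(SELECT%20@@version),0x7e),1)",
    "UpDaTeXmL/**/(1,CONCAT(0x7e,(select @@version),0x7e),1)",
    "how do I call updatexml(doc, '/a/b', 'x') in MySQL?",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_suspicious(sample), sample)
    print(redact_db_error(
        "ERROR 1105 (HY000): XPATH syntax error: ':root@localhost'"))
```

Pattern matching like this is a detection aid only. Binding user input as query parameters and returning a generic error page instead of the raw database message are what keep the query result out of the response.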