MYSQL updatexml() function error injection analysis

First, understand the updatexml() function

UPDATEXML (XML_document, XPath_string, new_value);

The first parameter: XML_document is in String format and is the name of the XML document object, Doc in this article.

The second parameter: XPath_string (a string in Xpath format). If you don’t understand Xpath syntax, you can find a tutorial online.

The third parameter: new_value, in String format, replaces the found data that meets the conditions

Function: Change the value of the node that meets the conditions in the document

Change the value of XPATH_string in XML_document

And our injection statement is:

updatexml(1,concat(0x7e,(SELECT @@version),0x7e),1)

The concat() function concatenates them into a string, so it does not conform to the format of XPATH_string, resulting in a format error.

ERROR 1105 (HY000): XPATH syntax error: ':root@localhost'

Summary of xpath syntax format: https://www.jb51.net/article/125607.htm

Summarize

The above is all the content of this article about MYSQL updatexml() function error injection analysis. I hope it will be helpful to everyone. Interested friends can refer to: Detailed explanation of MySQL prepare principles, several important MySQL variables, methods of deleting MySQL table data, etc. If you have any questions, you can leave a message at any time. Everyone is welcome to communicate and discuss. I would also like to thank my friends for their support of this site.

You may also be interested in:

MySQL UPDATE statement detailed explanation
Detailed example of MySQL joint table update data
Example verification MySQL | update field with the same value will record binlog
Detailed explanation of the execution process of mysql update statement
MySQL select, insert, update batch operation statement code examples
Summary of Mysql update multi-table joint update method
Will MySQL execute the update statement again if it has the same data as the original one?
Explanation of mysql transaction select for update and data consistency processing
Several ways to update batches in MySQL
Detailed explanation of the use of the MySQL parameter sql_safe_updates in the production environment
How to solve the error 1093-You can't specify target table for update in FROM clause in MySQL
Mybatis executes batch update method (Oracle, MySQL)
Record a pitfall of MySQL update statement update

<<: Centos7.4 server installation of apache and solutions to problems encountered during the installation process

>>: VUE+Express+MongoDB front-end and back-end separation to realize a note wall