MySQL: новый Geometric error-based
 

Привет!
я не говорю России, так что я собираюсь объяснить это на английском языке. ;)
earlier today, i got some spare time, and played a little with the function GeometryCollection().
basically, this function constructs geometry collection.
sounds nice. but the interesting part is, we can only use it with adjusted function, like point(x,y).
for example-
and output-as we can see, the output is some gibberish.
now lets try it without POINT()-
wow, wait, what?
we got an error on our x argument, 53.
GeometryCollection() cant process this, because GeometryCollection() dont know how to recognize x,y.
after i saw that, i thought "why stop here?", maybe i can play with this a little more.
so, as expected (:)) i tried to pull out the version, like that-
mmm.. only possible to see the alias. not good enough.
but wait, if we can see the alias, so maybe NAME_CONST() will do the trick?
well, no. theoretically yes, but the problem is we cant call it.
from here, the way to exploitation was really short-and we get a short, new error based, without spaces and commas.
lets try pull out more stuff, maybe some columns from mysql.user-
hope i expand your mind ;), comments will be nice.

other functions that works, than GeometryCollection()-
linestring(), multipoint(), multilinestring() and multipolygon().

Копался в исходниках по поводу этого вектора, нашел еще один убогий и неюзабельный)
Из плюсов относительного обычного "XPATH error" - чуть большая длина полезных данных (48 против 31).
Так, чисто в образовательных целях)

PS: Для "non geometric" функция polygon() удобнее

narrowing down a bit-
since name_const() allow us to give a numeric alias, we can use this simple trick-

На mysql 5.6.20 не срабатывает двойной select*from :(
А name_const не прокатит для обычных запросов