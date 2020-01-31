I’m trying to understand these bugs in MySQL:
https://bugs.mysql.com/bug.php?id=58081
https://bugs.mysql.com/bug.php?id=62755
https://bugs.mysql.com/bug.php?id=60808
So I created a sequence inside a table:
mysql> select id from test_injection ;
result:
+----+
| id |
+----+
|  0 |
|  1 |
|  1 |
|  1 |
|  1 |
|  0 |
+----+
6 rows in set (0.00 sec)
And I also tried to make the bug above happen, by using select + an aggregate function with group by:
mysql> select count(*),id from test_injection group by id ;
result:
+----------+----+
| count(*) | id |
+----------+----+
|        2 |  0 |
|        4 |  1 |
+----------+----+
2 rows in set (0.00 sec)
I tried a lot of times but no bug happened.
So I tried to use their payload from the bug above:
mysql> select count(*),floor(rand(0)*2) from security.users ;
result:
ERROR 1062 (23000): Duplicate entry '1' for key ''
So why does the error happen in the second select? As far as I know, the duplicate error happens in update/insert queries, not in select.