There is an interesting bug -for me-.
Please follow the queries I executed.
Everything is normal.
mysql> select hex(current_user());
Result : 726F6F74406C6F63616C686F7374
Everything is normal.
mysql> select substring(hex(current_user()),1,15);
Result : 726F6F74406C6F6
I added a null string to the second and third parameters of the substring method. Everything is normal.
mysql> select substring(hex(current_user()),''+1,''+15);
Result : 726F6F74406C6F6
When I add a null string to the first parameter of substring, it returns only 726. :S I was expecting the same result as my latest query.
mysql> select substring(hex(current_user())+'',1,15);
Result : 726
mysql> select substring(hex(current_user())+'',2,15);
Result : 26
mysql> select substring(hex(current_user())+'',3,15);
Result : 6
mysql> select substring(hex(current_user())+'',4,15);
Result : NULL
I tested with MySQL 5.0.95 and 5.1.61 and got the same issue! I tested the same query with the mid function instead of substring; same again.
Any idea? I was working on some kind of Web Application Firewall rule bypass and I noticed that bug.
It’s converting the HEX string to an integer (by taking characters from the HEX string until the first non-numerical character: 726) when you apply the ‘+’ operator. The empty string is also converted (to integer: 0).
Example:
concat() function should be used for concatenating strings.
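The coercion described in the reply above, as an added example that is not part of the original posts: a simplified Python model (not MySQL code) of how '+' casts both operands to numbers before SUBSTRING sees them. The function names are hypothetical, only the leading-digits case from the reply is modelled (no decimals or exponents), and the hex value is the one shown in the question.

```python
import re

# Leading run of decimal digits, optionally signed. Simplification: the model
# covers only the integer-prefix case the reply describes.
_NUM_PREFIX = re.compile(r"\s*([+-]?\d+)")

HEX_USER = "726F6F74406C6F63616C686F7374"  # value shown in the question


def to_number(value):
    """Model of the implicit string-to-number cast: keep leading digits, else 0."""
    if isinstance(value, int):
        return value
    match = _NUM_PREFIX.match(value)
    return int(match.group(1)) if match else 0


def plus(a, b):
    """Model of '+': always arithmetic on the cast operands, never concatenation."""
    return to_number(a) + to_number(b)


def concat(*parts):
    """Model of CONCAT(): joins the string forms without any numeric cast."""
    return "".join(str(p) for p in parts)


def substring(value, pos, length):
    """Model of SUBSTRING(str, pos, len) for pos >= 1 (1-based positions)."""
    text = str(value)              # a numeric argument is used in its string form
    start = to_number(pos) - 1
    return text[start:start + to_number(length)]


def reproduce_thread():
    """Re-run the queries from the question against the model."""
    return {
        "args_plus_empty": substring(HEX_USER, plus("", 1), plus("", 15)),
        "value_plus_empty": [substring(plus(HEX_USER, ""), p, 15) for p in (1, 2, 3)],
        "value_concat_empty": substring(concat(HEX_USER, ""), 1, 15),
    }


if __name__ == "__main__":
    for name, result in reproduce_thread().items():
        print(name, result)
```
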