关于order by注入利用rand(true)的一个疑问

order by的一个利用方式是使用

rand(true)

rand(false)

返回排序不同进行盲注，

rand((select char(substring(table_name,1,1)) from information_schema.tables limit 1)<=128))

order by rand()是随机排序返回，经过测试发现 select rand(true) 结果是0.40540353712197724

select rand(false); 结果是0.15522042769493574 疑问就是，这里order by rand(true)的含义是啥，根据什么标准进行排序？

会为每一条记录都生成一个随机值，然后排序

Order by Rand() Method

SELECT * FROM myTable ORDER BY RAND() LIMIT 1;

This method works by generating a random value for each row of the table, sorting the table according to these random values, and then returning one row.

参考
https://www.warpconduit.net/2011/03/23/selecting-a-random-record-using-mysql-benchmark-results/
@小饼仔 感谢，知道了rand()随机排序的原理，不过order by rand(true) 是啥意思呢

@D＆G

rand(N)里面的N是一个用来生产随机数的seed value，类型为常量整数。

至于rand(true)，你执行下

select true, false ;

就知道了，分别为1 和 0

参考
http://dev.mysql.com/doc/refman/5.7/en/mathematical-functions.html#function_rand

RAND(), RAND(N)

Returns a random floating-point value v in the range 0 <= v < 1.0. If a constant integer argument N is specified, it is used as the seed value, which produces a repeatable sequence of column values. In the following example, note that the sequences of values
produced by RAND(3) is the same both places where it occurs.

感谢大神~懂了。true 和false 自动转换成整型，rand(1)和rand(0) 有固定种子，两种排序不一样，作为标准盲注~~~