DEVHIDE
Login Or Sign up

What is the execution order of the following SQL statements

39 Views Asked by At 
① select id,email,username from member where username='1'or sleep(3)
② select id,email,username from member where username='1'or( if(now()=sysdate(),sleep(3),0))
③ select id,email,username from member where username = '1'XOR if(true,sleep(3),0)
④ select id,email,username from member where username = '1'XOR if(now()=sysdate(),sleep(3),0)
⑤ select id,email,username from member where username like '%0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z%'
⑥ select id,email,username from member where username like '%0'OR(if(now()=sysdate(),sleep(3),0))OR'Z%'
⑦ select id,email,username from member where username like '%0'OR(if(now()=sysdate(),sleep(3),0))OR'Z%'OR 1
⑧ select id,email,username from member where username like '%0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z%'XOR 1

i was trying SQL time blind injection,and can't understand the execution logic of the where clause section.

①and②,why ② just sleep 3s but ① sleep a long time
④and③,why ② sleep 3s but ③ sleep a long time
⑤⑥⑦⑧,"like"、"XOR" and "or"  execution order

i tried the sql in mysql client,but result was Not meeting my expectations

Operator Priority:
1   =、:=
2   II、OR
3   XOR
4   &&、AND
5   NOT
6   BETWEEN、CASE、WHEN、THEN、ELSE
7   =、<=>、>=、>、<=、<、<>、!=、 IS、LIKE、REGEXP、IN
8   |
9   &
10  <<、>>
11  -、+
12  *、/、%
13  ^
14  -、〜
15  !
mysql sql-injection
Original Q&A
0

There are 0 best solutions below

Related Questions in MYSQL

Related Questions in SQL-INJECTION

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.