User question: 555-1 waitfor delay '0:0:15' --

AI answer: Ah, the classic time-based SQL injection attempt! Let's break this down:

Your Payload:
```sql
555-1 waitfor delay '0:0:15' --
```

What Happens?
1. `555-1` → Likely an invalid ID (assuming this is a numeric `WHERE` clause like `id=555-1`).
2. `waitfor delay '0:0:15'` → Tells the database to pause for 15 seconds before responding.
3. `--` → Comments out the rest of the query to avoid syntax errors.

Why This Works (If Vulnerable)
- If the app does not sanitize inputs, the SQL engine executes `WAITFOR DELAY`, causing a 15-second delay in the response.
- This confirms the app is vulnerable to blind SQL injection (since you infer success based on response time).

How to Defend Against This?
1. Use Parameterized Queries (Always!):
```python
# SAFE (SQLi-proof)
cursor.execute("SELECT * FROM users WHERE id = %s", (user_input,))
```
- This treats `555-1 waitfor delay '0:0:15' --` as a literal string, not executable SQL.

2. Input Validation:
- Reject non-numeric input if expecting a number (e.g., `id` fields).

3. WAF Rules:
- Block queries containing `WAITFOR DELAY`, `SLEEP`, `BENCHMARK`, etc.

Time-Based SQLi Cheat Sheet
If you're testing (ethically!), here are other time-based payloads:
```sql
1; WAITFOR DELAY '0:0:5'-- /* MSSQL */
1 OR (SELECT SLEEP(5)) /* MySQL */
1 AND (SELECT pg_sleep(5)) /* PostgreSQL */
1'; SELECT pg_sleep(5)-- /* PostgreSQL (with termination) */
```

Final Verdict
✅ Vulnerable if: The app delays 15 seconds.
❌ Safe if: The app ignores the payload (thanks to parameterization).

🔒 Defense wins every time with parameterized queries.

Want to go deeper? Try:
```sql
1; IF (SELECT COUNT(*) FROM users) > 0 WAITFOR DELAY '0:0:5'--
```
*(Delays only if the `users` table exists—useful for blind exfiltration.)*

😈 Stay ethical, test responsibly, and patch your code!


0

IP address: 139.59.2.35

Search count: 64

Question time: 2025-07-10 01:27:00
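To make the three defenses in the answer concrete, here is an added example (not part of the answer above or of any project) in Python with sqlite3: it shows the question's payload spliced into the query text by the vulnerable pattern, treated as a plain literal by the bound-parameter version, rejected by numeric validation, and flagged by a rule that matches the timing primitives the cheat sheet lists. The users table and its rows are constructed; sqlite has no WAITFOR, so the vulnerable statement is only built for inspection, never executed.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the app's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(554, "alice"), (555, "bob")])
    return conn


def unsafe_sql(user_input):
    """Vulnerable pattern, shown for contrast only: input spliced into the SQL text.
    Whatever the user typed becomes part of the statement the engine parses."""
    return f"SELECT id, name FROM users WHERE id = {user_input}"


def safe_lookup(conn, user_input):
    """Defense 1: bound parameter. The driver sends the value as data, never as SQL,
    so a payload string simply fails to equal any integer id."""
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_input,)).fetchall()


def validate_id(user_input):
    """Defense 2: an id field must be an unsigned integer; anything else is rejected."""
    if not re.fullmatch(r"\d{1,10}", user_input.strip()):
        raise ValueError(f"rejected non-numeric id: {user_input!r}")
    return int(user_input)


# Defense 3: detection rule for the timing primitives named in the answer
# (MSSQL WAITFOR DELAY, MySQL SLEEP/BENCHMARK, PostgreSQL pg_sleep).
TIMING_PRIMITIVES = re.compile(
    r"\b(waitfor\s+delay|sleep\s*\(|benchmark\s*\(|pg_sleep\s*\()", re.IGNORECASE
)


def is_timing_probe(user_input):
    """True when the input carries a time-delay primitive worth logging or blocking."""
    return bool(TIMING_PRIMITIVES.search(user_input))


if __name__ == "__main__":
    conn = make_db()
    payload = "555-1 waitfor delay '0:0:15' --"  # the payload from the question
    print("unsafe SQL text:", unsafe_sql(payload))
    print("safe lookup    :", safe_lookup(conn, payload))
    print("timing probe?  :", is_timing_probe(payload))
    try:
        validate_id(payload)
    except ValueError as err:
        print("validation     :", err)
```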
