In a normal SQL query for MySQL version > 5.0
Select A, B FROM table where id =1
if an attacker injects 1-sleep(10) for the id parameter, why does the database sleep? What is the role of the hyphen here? Isn't it invalid syntax (an arithmetic operation on an integer and a function)?
https://dev.mysql.com/doc/refman/8.0/en/miscellaneous-functions.html#function_sleep says:
Sleeps (pauses) for the number of seconds given by the duration argument, then returns 0.
In other words, it returns an integer, which is perfectly okay to use in an arithmetic expression.
Hyphen (-) is the arithmetic operator for subtraction.
I would infer that when an attacker injects a sleep, they're trying to test if your code is vulnerable to SQL injection. They can time the response to see if it lengthens when they add a sleep with a longer duration. This would confirm that they can exploit your code in other ways.
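To make the answer concrete, here is an added MySQL session (not part of the original question or answer) that assumes a hypothetical table `t` with an integer primary key `id`. It shows that `1-SLEEP(n)` is an ordinary integer expression evaluating to 1, what the injected query looks like when the parameter is concatenated into the SQL text, and that the same input bound as a prepared-statement parameter is treated as data and never sleeps.

```sql
-- Added example, not from the original page; assumes a hypothetical table `t`.
CREATE TABLE t (id INT PRIMARY KEY, A VARCHAR(10), B VARCHAR(10));
INSERT INTO t VALUES (1, 'a1', 'b1'), (2, 'a2', 'b2');

-- SLEEP() pauses and then returns 0, so 1-SLEEP(n) is a valid expression
-- whose value is 1; the only observable effect is the delay.
SELECT 1 - SLEEP(0) AS still_one;   -- 1, immediately
SELECT 1 - SLEEP(2) AS still_one;   -- 1, after roughly 2 seconds

-- What the database executes when the application builds the query by string
-- concatenation and the attacker supplies 1-SLEEP(2) as the id parameter:
-- the predicate is still id = 1, but the response is delayed.
SELECT A, B FROM t WHERE id = 1-SLEEP(2);
-- Caveat: the expression is not a constant, so MySQL may re-evaluate SLEEP()
-- for each row the predicate is tested against; on a large table the total
-- delay can be a multiple of the argument, which also makes the test noisier.

-- The same input passed as a bound parameter is data, not SQL. MySQL coerces
-- the string '1-SLEEP(2)' to the number 1 for the comparison (raising a
-- "truncated incorrect DOUBLE value" warning) and nothing sleeps.
PREPARE stmt FROM 'SELECT A, B FROM t WHERE id = ?';
SET @id = '1-SLEEP(2)';
EXECUTE stmt USING @id;   -- returns the id = 1 row at once
SHOW WARNINGS;
DEALLOCATE PREPARE stmt;
```

When timing such a probe, compare against a baseline request with `SLEEP(0)` (or no payload) from the same client, and repeat with two different durations; a single slow response can be network jitter, but a delay that tracks the requested duration is the signal the answer describes.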