What is the meaning of this injected SQL?

I’m fiddling with sqlmap and it gives a working injected (My)SQL query:

SELECT *
FROM   `news`
WHERE  ( content LIKE ? )
ORDER  BY id 
          AND
            (SELECT 8183
               FROM   (SELECT( Sleep(1) )) dyYQ) 

But I fail to understand what this query means, mainly the ORDER BY id AND (SELECT part.

I understand both parts before and after AND, but I never knew AND could join two clauses.

I checked the MySQL docs; ORDER BY followed by an AND subquery does not look like legal syntax.

>Solution :

The query is valid in MySQL, syntax-wise. You can use any expression as the operands of the AND operator. The result will be 1 or 0.

SELECT 1 AND (SELECT 1) -- 1
SELECT 1 AND (SELECT 0) -- 0

Plus, the ... AND ... expression itself could be used in ORDER BY.
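As an added example (not part of the original answer), the Python sketch below uses SQLite as a stand-in for MySQL to show that the injected ORDER BY term is evaluated as one boolean expression, and that an allow-list for the sort column rejects it. The table contents, function names, allow-list, the idea that the application concatenates the sort parameter, and the replacement of Sleep(1) by the constant 1 (SQLite has no SLEEP()) are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; SQLite stands in for MySQL here (assumption).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, content TEXT)")
conn.executemany("INSERT INTO news VALUES (?, ?)",
                 [(3, "c news"), (1, "a news"), (2, "b news")])

# The injected tail from the question, with Sleep(1) swapped for the constant 1
# because SQLite has no SLEEP(); the shape of the expression is unchanged.
INJECTED_SORT = "id AND (SELECT 8183 FROM (SELECT 1) dyYQ)"

ALLOWED_SORT_COLUMNS = {"id", "content"}  # hypothetical allow-list


def sort_keys(sort_expr):
    """Return (id, value of the ORDER BY expression) for every row."""
    sql = f"SELECT id, ({sort_expr}) FROM news ORDER BY id"
    return conn.execute(sql).fetchall()


def search_concatenated(pattern, sort):
    """Assumed vulnerable shape: the sort parameter is pasted into the SQL."""
    sql = f"SELECT id FROM news WHERE (content LIKE ?) ORDER BY {sort}"
    return [r[0] for r in conn.execute(sql, (pattern,))]


def search_allow_listed(pattern, sort):
    """Hardened shape: placeholders cannot bind identifiers, so the sort
    column is checked against a fixed set before it reaches the SQL text."""
    if sort not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort!r}")
    sql = f"SELECT id FROM news WHERE (content LIKE ?) ORDER BY {sort}"
    return [r[0] for r in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    print(sort_keys("id"))           # the sort key is the id itself
    print(sort_keys(INJECTED_SORT))  # the sort key is the boolean 1 on every row
    print(sorted(search_concatenated("%news%", INJECTED_SORT)))  # accepted
    print(search_allow_listed("%news%", "id"))
```

Because the whole `id AND (...)` term is the sort key, every row gets the same key and the subquery is simply evaluated as part of sorting, which is why the statement is accepted.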
