I’m fiddling with sqlmap and it gives a working injected (My)SQL query:
SELECT * FROM `news` WHERE ( content LIKE ? ) ORDER BY id AND (SELECT 8183 FROM (SELECT( Sleep(1) )) dyYQ)
But I fail to understand what this query means, mainly the ORDER BY id AND (SELECT part.
I understand both parts before and after AND, but I never knew AND could join two clauses.
I checked the MySQL doc; ORDER BY followed by an AND subquery does not look like legal syntax.
The query is valid in MySQL, syntax-wise. You can use any expression as the operands of the and operator. The result will be 1 or 0.
SELECT 1 AND (SELECT 1); -- 1
SELECT 1 AND (SELECT 0); -- 0
... and ... expression itself could be used in
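
Added example, not part of the original question or answer: SQLite, standing in for MySQL as an assumption, shows that `id AND (subquery)` is evaluated as one boolean sort key per row, and that mapping a user-supplied sort column through an allowlist keeps such an expression out of ORDER BY. The sample rows, the `ALLOWED_SORT` map and the function names are constructed for illustration, and `Sleep(1)` is replaced by the constant 0.

```python
import sqlite3


def make_db():
    """In-memory table with constructed sample rows (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, content TEXT)")
    db.executemany(
        "INSERT INTO news (id, content) VALUES (?, ?)",
        [(3, "gamma"), (1, "alpha"), (2, "beta")],
    )
    return db


def sort_keys(db, order_expr):
    """Return what an ORDER BY expression evaluates to for each row.

    order_expr is fixed test input here; selecting it as a column exposes
    the value the engine would sort on.
    """
    rows = db.execute(f"SELECT {order_expr} FROM news ORDER BY id")
    return [row[0] for row in rows]


# Hypothetical allowlist: request value -> column name written by the developer.
ALLOWED_SORT = {"id": "id", "content": "content"}


def search_news(db, pattern, sort="id"):
    """Bind the LIKE value; identifiers cannot be bound, so allowlist them."""
    column = ALLOWED_SORT.get(sort)
    if column is None:
        raise ValueError(f"unsupported sort column: {sort!r}")
    sql = f"SELECT id, content FROM news WHERE (content LIKE ?) ORDER BY {column}"
    return db.execute(sql, (pattern,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(sort_keys(db, "id"))
    # Same shape as the query in the question, with Sleep(1) replaced by 0.
    print(sort_keys(db, "id AND (SELECT 8183 FROM (SELECT 0) AS dyYQ)"))
    print(search_news(db, "%", "content"))
```

Every row gets the same sort key from the injected expression, so the ordering carries no information; the subquery is there only to be evaluated.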