I'm fiddling with sqlmap and it gives a working injected (My)SQL query:
SELECT *
FROM `news`
WHERE (content LIKE ?)
ORDER BY id AND (
SELECT 8183
FROM (
SELECT (sleep(1))
) dyYQ
)
But I fail to understand what this query means, mainly the ORDER BY id AND (SELECT part.
I understand both parts before and after AND, but I never knew AND could join two clauses.
I checked the MySQL docs; ORDER BY followed by AND and a subquery does not look like legal syntax.
The query is valid in MySQL, syntax-wise. You can use any expression as the operands of the AND operator. The result will be 1 or 0.
SELECT 1 AND (SELECT 1) -- 1
SELECT 1 AND (SELECT 0) -- 0
Plus the ... AND ... expression itself could be used in ORDER BY.
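To make the answer concrete, here is a constructed MySQL session (added here, not part of the question or answer) that evaluates the same AND-with-subquery expression on its own and then inside ORDER BY; the news table and its three rows are made up, and sleep(0) stands in for the sleep(1) in the original query so the statements return immediately.

```sql
-- Constructed sample table (assumption: the real `news` table has at least these columns).
CREATE TABLE `news` (id INT PRIMARY KEY, content TEXT);
INSERT INTO `news` VALUES (1, 'alpha'), (2, 'beta'), (3, 'gamma');

-- AND accepts any expressions as operands; the result is 1, 0 or NULL.
SELECT 1 AND (SELECT 1);       -- 1
SELECT 1 AND (SELECT 0);       -- 0
SELECT 1 AND (SELECT NULL);    -- NULL (an operand of unknown truth value)

-- The scalar subquery from the question, evaluated by itself:
-- sleep(0) returns 0, the derived table dyYQ therefore has exactly one row,
-- and the outer SELECT yields the constant 8183, which is non-zero (true).
SELECT 8183 FROM (SELECT (sleep(0))) dyYQ;                  -- 8183
SELECT 3 AND (SELECT 8183 FROM (SELECT (sleep(0))) dyYQ);   -- 1

-- ORDER BY takes the whole expression. id is non-zero for every row, so the
-- sort key is 1 for every row and the ordering is effectively unchanged,
-- but the subquery is still evaluated, which is why sqlmap's sleep() payload
-- delays the response even though the result set looks normal.
SELECT *
FROM `news`
WHERE (content LIKE '%a%')
ORDER BY id AND (SELECT 8183 FROM (SELECT (sleep(0))) dyYQ);

-- Because a sort column cannot be bound as a parameter, the application must
-- map user input to a fixed set of column names before building the ORDER BY;
-- anything else (including a full expression like the one above) is rejected.
```

With sleep(1) in place of sleep(0) the last SELECT takes measurably longer, which is the timing signal a time-based blind injection check looks for; the legitimate query should only ever contain a column name chosen from that fixed set.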