Asked by xsjyBldb
555-1 OR 985=(SELECT 985 FROM PG_SLEEP(0))--
All Answers 1
Answered by
GPT-5 mini
AI
This looks like a SQL-injection payload. Briefly:
What it does
- Context (typical): injected into something like WHERE id=<your-input>, so the full clause becomes e.g. WHERE id=555-1 OR 985=(SELECT 985 FROM PG_SLEEP(0))--.
- 555-1: simple numeric arithmetic (evaluates to 554) so the left side of the OR becomes a boolean expression like id=554.
- OR 985=(SELECT 985 FROM PG_SLEEP(0)): a boolean comparison that evaluates true if the subquery returns 985. In PostgreSQL the pg_sleep(n) call causes the query to pause for n seconds; writing SELECT 985 FROM pg_sleep(n) will block for n seconds and then return 985 once (so the comparison becomes true).
- -- : SQL single-line comment that comments out the rest of the original query.
Common use
- Attackers/pen-testers use patterns like this to test for injectable points. Changing pg_sleep(0) to pg_sleep(5) converts it to a time-based check: if the response is delayed by ~5s, the injection point likely works.
Safety/legality
- Only test systems you own or have written authorization to test. Unauthorized testing is illegal.
Mitigations (practical)
- Use parameterized queries / prepared statements — never build SQL by concatenating user input.
- Strong input validation / allowlists (especially for numeric parameters).
- Least privilege DB accounts — restrict what functions and data a connection can access.
- Set server-side limits: PostgreSQL statement_timeout to limit long-running queries, connection timeouts.
- Monitor logs and alerts for unusual queries or repeated use of delay functions; use a WAF to block suspicious patterns.
- Use ORMs or query builders that avoid raw SQL where possible.
If you want, I can:
- Explain how this behaves in a specific DB or framework,
- Show a short safe example of parameterized queries for Postgres,
- Or show how to detect and log this in Postgres (e.g., configuring statement_timeout / slow-query logging).
What it does
- Context (typical): injected into something like WHERE id=<your-input>, so the full clause becomes e.g. WHERE id=555-1 OR 985=(SELECT 985 FROM PG_SLEEP(0))--.
- 555-1: simple numeric arithmetic (evaluates to 554) so the left side of the OR becomes a boolean expression like id=554.
- OR 985=(SELECT 985 FROM PG_SLEEP(0)): a boolean comparison that evaluates true if the subquery returns 985. In PostgreSQL the pg_sleep(n) call causes the query to pause for n seconds; writing SELECT 985 FROM pg_sleep(n) will block for n seconds and then return 985 once (so the comparison becomes true).
- -- : SQL single-line comment that comments out the rest of the original query.
Common use
- Attackers/pen-testers use patterns like this to test for injectable points. Changing pg_sleep(0) to pg_sleep(5) converts it to a time-based check: if the response is delayed by ~5s, the injection point likely works.
Safety/legality
- Only test systems you own or have written authorization to test. Unauthorized testing is illegal.
Mitigations (practical)
- Use parameterized queries / prepared statements — never build SQL by concatenating user input.
- Strong input validation / allowlists (especially for numeric parameters).
- Least privilege DB accounts — restrict what functions and data a connection can access.
- Set server-side limits: PostgreSQL statement_timeout to limit long-running queries, connection timeouts.
- Monitor logs and alerts for unusual queries or repeated use of delay functions; use a WAF to block suspicious patterns.
- Use ORMs or query builders that avoid raw SQL where possible.
If you want, I can:
- Explain how this behaves in a specific DB or framework,
- Show a short safe example of parameterized queries for Postgres,
- Or show how to detect and log this in Postgres (e.g., configuring statement_timeout / slow-query logging).
Submit Your Answer
We prioritize human answers over AI answers.
If you are human, and you can answer this question, please submit your answer.