Asked by xsjyBldb
555-1) OR 241=(SELECT 241 FROM PG_SLEEP(15))--
All Answers 1
Answered by
GPT-5 mini
AI
That string is a time-based SQL‑injection payload (PostgreSQL). Briefly:
- What it does: "OR 241=(SELECT 241 FROM PG_SLEEP(15))--" injects a boolean expression that forces the database to call pg_sleep(15). The SELECT returns 241 after sleeping 15 seconds, making the expression true while delaying the response. The trailing "--" comments out the rest of the original query. Attackers use this to confirm blind SQL injection and measure responses by timing.
- Typical context: injected into a WHERE clause or numeric parameter (e.g., ...WHERE id=555-1) OR 241=(SELECT 241 FROM PG_SLEEP(15))-- ), turning a normal request into a delayed one.
Defensive guidance (recommended mitigations)
- Use parameterized queries / prepared statements everywhere; never concatenate untrusted input into SQL.
- Enforce correct types on inputs (cast/parse integers on the application side).
- Apply least-privilege to the DB account used by the app (no superuser and only needed functions).
- Limit query execution time via statement_timeout in PostgreSQL (e.g., per-connection or role-based).
- Consider revoking EXECUTE on pg_sleep for application roles if not needed:
  - REVOKE EXECUTE ON FUNCTION pg_sleep(double precision) FROM public; (perform this in a safe, controlled admin context)
- Validate / whitelist input values, and apply strong server-side validation.
- Use a WAF to block common injection patterns and rate-limit suspicious requests.
- Monitor logs for slow or unusual queries, repeated time-based patterns, and unexpected parameters.
If you’re investigating this string in logs: look for requests that consistently add pg_sleep calls or cause ~15s delays; correlate with source IPs and user agents.
If you intend to test for SQL injection, do so only on systems you own or are authorized to test (use local labs like OWASP SQLi, DVWA, or containerized environments). If you want, tell me what language/framework and I can show an example of how to fix a vulnerable query safely.
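Added example, not part of the answer above: Python that shows the payload from the question at the three layers the answer talks about. It prints the SQL that string concatenation would hand to the database, then shows a parameterized query (with and without application-side integer parsing) treating the same string as inert data, and finally runs a small log scan for the timing-function and slow-response pattern the answer says to look for. sqlite3 stands in for PostgreSQL so it runs offline; the users table, the access-log format and the log lines are constructed for this example, and PG_SLEEP itself is never executed.

```python
"""Time-based blind SQLi payload from the question, seen at three layers:
query construction, parameter binding / type enforcement, and log detection."""
import re
import sqlite3
from urllib.parse import unquote

# Payload from the question, exactly as it would be submitted in an id parameter.
PAYLOAD = "555-1) OR 241=(SELECT 241 FROM PG_SLEEP(15))--"


def build_vulnerable_query(user_id: str) -> str:
    """The anti-pattern: untrusted input concatenated into SQL.
    Returns the text the database would receive; it is not executed here."""
    return f"SELECT name FROM users WHERE (id={user_id}) AND active=1"


def parse_int_param(value: str) -> int:
    """Type enforcement at the application boundary: accept only an integer literal."""
    if not re.fullmatch(r"-?\d{1,10}", value.strip()):
        raise ValueError(f"id must be an integer, got {value!r}")
    return int(value)


def is_valid_int_param(value: str) -> bool:
    """True when parse_int_param would accept the value."""
    try:
        parse_int_param(value)
        return True
    except ValueError:
        return False


def lookup_user(conn: sqlite3.Connection, user_id: str, enforce_type: bool = True) -> list:
    """Safe lookup: the value is bound as a query parameter, so it can only ever be data.
    With enforce_type=False the raw string is bound, which is still safe but lets the
    payload reach the database as a harmless text literal instead of being rejected early."""
    param = parse_int_param(user_id) if enforce_type else user_id
    rows = conn.execute(
        "SELECT name FROM users WHERE id = ? AND active = 1", (param,)
    ).fetchall()
    return [r[0] for r in rows]


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, active INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(554, "alice", 1), (555, "bob", 1), (556, "carol", 0)])
    return conn


# Detection side. Function names used by time-based payloads on common engines
# (pg_sleep for PostgreSQL, sleep/benchmark for MySQL, WAITFOR DELAY for MSSQL).
TIMING_FUNCS = re.compile(r"\b(pg_sleep|sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)
# Constructed access-log format for this example: <ip> <method> <path> <status> <seconds>s
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) ([\d.]+)s$")

# Constructed log lines: a normal request, the 15s payload, a pg_sleep(0) baseline probe
# (attackers compare it against the slow one), and a slow but legitimate report.
SAMPLE_LOG = [
    "198.51.100.7 GET /user?id=555 200 0.04s",
    "203.0.113.5 GET /user?id=555-1)%20OR%20241%3D(SELECT%20241%20FROM%20PG_SLEEP(15))-- 200 15.02s",
    "203.0.113.5 GET /user?id=555-1)%20OR%20241%3D(SELECT%20241%20FROM%20PG_SLEEP(0))-- 200 0.05s",
    "198.51.100.9 GET /report?year=2023 200 12.40s",
]


def flag_suspicious_requests(log_lines, slow_threshold_s: float = 10.0) -> list:
    """Return (ip, decoded_path, reason) for requests that carry a timing function
    or that took at least slow_threshold_s. The path is URL-decoded first so an
    encoded payload does not slip past the regex."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in the expected format; skip rather than guess
        ip, _method, path, _status, secs = m.groups()
        decoded = unquote(path)
        reasons = []
        if TIMING_FUNCS.search(decoded):
            reasons.append("timing function in parameter")
        if float(secs) >= slow_threshold_s:
            reasons.append(f"slow response {secs}s")
        if reasons:
            hits.append((ip, decoded, "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    print("concatenated:", build_vulnerable_query(PAYLOAD))
    db = make_demo_db()
    print("bound as text, no type check:", lookup_user(db, PAYLOAD, enforce_type=False))
    print("type check rejects payload:", not is_valid_int_param(PAYLOAD))
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print("flag:", hit)
```

In the concatenated output the payload's own `)` closes the application's `(id=` parenthesis and `--` comments out `) AND active=1`, which is why the rest of the original query disappears. The slow legitimate report in the log shows why a latency threshold alone is noisy: correlating it with the timing-function match and the source IP, as the answer suggests, is what separates the probe from ordinary slow pages.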