sleep（）在mysql中慢速查詢日誌

Question

不知何故我在mysql中看到緩慢的查詢日誌文件注入sleep（）函數進入很多查詢。在項目的源代碼中，這樣的函數沒有被使用，在apache訪問日誌中它也不存在......注入來自何方？

例子：

Count   : 64 (0.05%) 
Time   : 156971.170609 s total, 2452.674541 s avg, 1635.656901 s to 3269.711339 s max (0.00%) 
    95% of Time : 143892.367342 s total, 2398.206122 s avg, 1635.656901 s to 3269.692319 s max 
Lock Time (s) : 13.918 ms total, 217 <B5>s avg, 39 <B5>s to 3.076 ms max (0.00%) 
    95% of Lock : 6.909 ms total, 115 <B5>s avg, 39 <B5>s to 1.026 ms max 
Rows sent  : 1 avg, 1 to 1 max (0.00%) 
Rows examined : 817 avg, 817 to 817 max (0.00%) 
Database  : 
Users   : 
     hostname and IP address : 100.00% (64) of query, 87.12% (106190) of all users 

Query abstract: 
SET timestamp=N; SELECT COUNT(*) AS total FROM new_forum_topics WHERE status = N AND forum_id = N AND sleep(N) AND posts_count > N ORDER BY inserted ASC; 

Query sample: 
SET timestamp=1344768385; 
SELECT count(*) as total 
      FROM `new_forum_topics` 
      WHERE `status` = 1 
       AND `forum_id` = 6 and sleep(2) 
       AND `posts_count` > 0 
      ORDER BY `inserted` ASC; 

但在代碼查詢看起來像

$sql = "SELECT count(*) as total 
      FROM `new_forum_topics` 
      WHERE `status` = ".intval($this->STATUS_ACTIVE)." 
       AND `forum_id` = ".intval($forum_id)." 
       AND `posts_count` > 0 
      ORDER BY `inserted` ASC;"; 

Answer 1

還有就是，在所有的可能性，在一個應用程序中的SQL注入漏洞，你正在運行。沒有細節，我們無法確定它是什麼。