Hack attempt using sleep()???
Hello, all,
I'm just curious if anyone else has had any hack attempts on their webserver using sleep() as part of an injection attempt?
Someone in network security, here, forwarded sections of a log that show someone attempted, for an hour and a half, to slip the sleep() command in as a URL parameter, and they even tried to add bogus CFID and CFTOKEN URL parameters (I'm assuming as an attempt at session hijacking??).
Has anyone else seen anything like this?
?CFID=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22*/&CFTOKEN=362d01e1fdb64cf4-D83FE818-9EA2-F4A4-388891E61E6CC13F%0A?CFID=16331257&CFTOKEN=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22?mp=home&ms=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22*/&mt=vision%0A
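Added example, not part of the original post: a small Python scanner that splits the excerpt above into individual requests and flags every parameter whose decoded value calls a database delay function, which is the signature of a time-based SQL injection probe. The function names are hypothetical, and the delay primitives other than SLEEP() (pg_sleep, BENCHMARK, WAITFOR DELAY) generalize beyond what the log shows.

```python
import re
from urllib.parse import parse_qsl

# Raw query-string text copied from the log excerpt in the post above.
RAW = ("?CFID=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22*/"
       "&CFTOKEN=362d01e1fdb64cf4-D83FE818-9EA2-F4A4-388891E61E6CC13F%0A"
       "?CFID=16331257&CFTOKEN=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22"
       "?mp=home&ms=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22*/&mt=vision%0A")

# Database delay primitives. The post shows only SLEEP(); the others are an
# assumption added here to cover other database engines.
DELAY = re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|\b(waitfor)\s+delay\b", re.I)
# Quote and comment characters that try to break out of a SQL string context.
BREAKOUT = re.compile(r"['\"]|/\*|\*/|--")


def split_requests(raw):
    """Split the run-together excerpt into one query string per request."""
    return [p for p in re.split(r"%0A|\?", raw, flags=re.I) if p]


def scan_query(query):
    """Return one finding per parameter whose decoded value calls a delay function."""
    findings = []
    # parse_qsl decodes '+' to a space and %22 to a double quote before matching.
    for name, value in parse_qsl(query, keep_blank_values=True):
        calls = DELAY.findall(value)
        if calls:
            findings.append({
                "param": name,
                "calls": len(calls),
                "breakout": bool(BREAKOUT.search(value)),
            })
    return findings


def scan(raw):
    """Scan every request in the excerpt; returns (query, findings) pairs."""
    return [(q, scan_query(q)) for q in split_requests(raw)]


if __name__ == "__main__":
    for query, findings in scan(RAW):
        for f in findings:
            print(f"{f['param']}: {f['calls']} delay call(s), "
                  f"breakout characters: {f['breakout']}")
```

Run against the excerpt, it reports CFID, CFTOKEN and ms in turn, each carrying the same payload, so every parameter was being tested one at a time rather than CFID and CFTOKEN specifically.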