Mega'and(select 1)>0waitfor/**/delay'0:0:2

If the website takes exactly 2 seconds (or more) to load, the attacker knows the database is vulnerable to SQL commands.

`and(select 1)>0`: This is a logical condition that is always true. In a blind injection attack, hackers use such conditions to determine if their injected code is being executed.

`MEGA'`: This likely targets a field in a web application where the input "MEGA" is expected. The trailing single quote ( ' ) is intended to "break out" of the application's intended SQL query.

sql server - What is this hacker trying to do? - Stack Overflow

This technique is called "blind" because the database doesn't return actual data or error messages to the attacker's screen. Instead, the attacker observes the of the website: The attacker sends the request.
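For defenders, the same timing signal can be read from request logs. The following is an added example, not code from the original page: it treats `/**/` comments as whitespace, extracts the `waitfor delay` duration from query parameters, and flags requests whose response was at least as slow as the requested delay. The `(url, response_seconds)` log layout, the `/products` path, the `name` parameter, and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# T-SQL treats /* ... */ as whitespace, so normalize comments to a space first.
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# WAITFOR DELAY followed by a quoted hh:mm:ss literal, e.g. '0:0:2'.
# No leading \b: in this payload "waitfor" directly follows the digit "0".
_WAITFOR = re.compile(r"waitfor\s+delay\s*'\s*(\d+):(\d+):(\d+)", re.I)


def delay_seconds(value):
    """Return the WAITFOR DELAY duration (seconds) found in value, or None."""
    match = _WAITFOR.search(_COMMENT.sub(" ", value))
    if not match:
        return None
    hours, minutes, seconds = (int(part) for part in match.groups())
    return hours * 3600 + minutes * 60 + seconds


def triage(entries):
    """entries: iterable of (url, response_seconds) pairs from an access log."""
    findings = []
    for url, elapsed in entries:
        # parse_qsl percent-decodes each parameter value before matching.
        for param, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            delay = delay_seconds(value)
            if delay is None:
                continue
            findings.append({
                "param": param,
                "delay": delay,
                # A response at least as slow as the requested delay suggests
                # the injected statement actually ran on the database.
                "likely_executed": delay > 0 and elapsed >= delay,
            })
    return findings


# Constructed sample log entries (not real traffic).
SAMPLE = [
    ("/products?name=MEGA", 0.12),
    ("/products?name=MEGA%27and(select%201)%3E0waitfor/**/delay%270:0:2", 2.31),
    ("/products?name=MEGA%27and(select%201)%3E0waitfor/**/delay%270:0:2", 0.09),
    ("/products?name=waitfor+delay+notice", 0.10),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `likely_executed` set means the parameter should be treated as injectable and the query behind it moved to parameterized statements; a finding without it is a probe that did not produce the delay.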
