Skip to content
Advertisement

Time Based SQL Injection attack affect all users or just me?

Sorry for asking this silly question but If I found a website which is vulnerable to time base SQL Injection attack. For example I am using (sleep 20) means server will sleep for 20 seconds and then respond me so the server is down for 20 seconds only for me or all the users on website???

Advertisement

Answer

Yes, sleep() function affects only one connection.

It seems you misinterpret the Time Based SQL Injection confusing it with Denial of Service attack.

The primary goal of SQL injection is to compromise the system, not to put the server down. The delay in the time based injection is used for this exact purpose, to reveal some data, not to bring the server down. Though SQL injection can be used for the DoS attack too.

User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement