Sorry for asking this silly question but If I found a website which is vulnerable to time base SQL Injection attack. For example I am using (sleep 20) means server will sleep for 20 seconds and then respond me so the server is down for 20 seconds only for me or all the users on website???
Advertisement
Answer
Yes, sleep() function affects only one connection.
It seems you misinterpret the Time Based SQL Injection confusing it with Denial of Service attack.
The primary goal of SQL injection is to compromise the system, not to put the server down. The delay in the time based injection is used for this exact purpose, to reveal some data, not to bring the server down. Though SQL injection can be used for the DoS attack too.