On login, this query (NOTE: a whitespace character is required after --, otherwise the rest of the line won't be commented out properly):
admin' AND (select sleep(10) from dual where database() like 'se%');--
(with any password)
means:
Sleep for 10 seconds if the current database name begins with 'se' (this will trigger because our db is secureappdevs). Users could loop over combinations of characters, and any time a character causes a slowdown, we know it is the correct character.
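The fix for the injection described above, shown as an added example that is not the application's own code: the same payload is passed to a concatenated login query and to a parameterized one. It assumes a hypothetical users table and uses in-memory SQLite as a stand-in for MySQL, with sleep(), database() and the dual table emulated so the payload parses; sleep() only records the requested delay.

```python
import sqlite3

# Payload from the page, with the trailing space after "--" that the note requires.
PAYLOAD = "admin' AND (select sleep(10) from dual where database() like 'se%');-- "

def make_db(delays):
    """Constructed test database (assumption: table and column names are hypothetical)."""
    conn = sqlite3.connect(":memory:")
    # Emulate the MySQL pieces the payload uses; sleep() records instead of sleeping.
    conn.create_function("sleep", 1, lambda s: delays.append(s) or 0)
    conn.create_function("database", 0, lambda: "secureappdevs")
    conn.execute("CREATE TABLE dual (dummy TEXT)")
    conn.execute("INSERT INTO dual VALUES ('X')")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-hash')")
    return conn

def login_vulnerable(conn, username, password_hash):
    # 'Before': user input is concatenated into the SQL text, so the quote in
    # the payload closes the string and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchall()

def login_parameterized(conn, username, password_hash):
    # 'After': input is bound as data; the payload is just an odd username.
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchall()

def delays_triggered(login):
    """Run the page's payload through a login function; return recorded sleep() calls."""
    delays = []
    conn = make_db(delays)
    login(conn, PAYLOAD, "anything")
    conn.close()
    return delays

if __name__ == "__main__":
    print("vulnerable   :", delays_triggered(login_vulnerable))
    print("parameterized:", delays_triggered(login_parameterized))
```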