Expected behaviour
Blind SQL injection (SQLi) enforced to an injection attack wherein an attacker can execute malicious Blind SQL used to collect information via URL encoded GET input category.
Impact
Depending on the backend database, the database connection settings, and the operating system, an attacker can mount one or more of the following attacks successfully:
Reading, updating and deleting arbitrary data or tables from the database.
Expected behaviour Blind SQL injection (SQLi) enforced to an injection attack wherein an attacker can execute malicious Blind SQL used to collect information via URL encoded GET input category. Impact Depending on the backend database, the database connection settings, and the operating system, an attacker can mount one or more of the following attacks successfully:
Payload: (select(0)from(select(sleep(10)))v)/'+(select(0)from(select(sleep(10)))v)+'"+(select(0)from(select(sleep(10)))v)+"/ Payload: (select(0)from(select(sleep(20)))v)/'+(select(0)from(select(sleep(20)))v)+'"+(select(0)from(select(sleep(20)))v)+"/