|
|
|
|
|
|
by wongarsu
2760 days ago
|
|
|
Yes, but an attacker is more likely to try SLEEP(10) than DROP DATABASES, because the attacker usually wants your data (and your server, but the data is a bonus). So if disabling sleep makes a few bots miss an actual vulnerability, it's a good step for defense in depth. |
|
|
Plus, realistically, SLEEP allows you to scan for thousands of different test cases in a quick period and measure the hang time to figure out which vector worked.