by hot_gril 483 days ago
"Blind" SQLi is a thing, but even in the real-life example I could find, it wasn't exactly blind. They could still use the timing to get one bit of info at a time and discern the email addresses. https://www.invokesec.com/2025/01/13/a-real-world-example-of...

It's hard to imagine a case where you can't even get info based on timing. But it requires more effort and knowledge to exploit this.
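A defender-side view of the timing channel discussed in the comment above, as an added example that is not part of the original post: a timing oracle shows up in request logs as one client hitting one endpoint with latencies that fall into two tight clusters, a fast one and a delayed one. The log format, sample lines and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample access-log lines: "<client> <method> <path> <status> <duration_ms>"
SAMPLE_LOG = """\
203.0.113.7 POST /login 200 41
203.0.113.7 POST /login 200 2043
203.0.113.7 POST /login 200 39
203.0.113.7 POST /login 200 2051
203.0.113.7 POST /login 200 2038
203.0.113.7 POST /login 200 44
203.0.113.7 POST /login 200 2047
203.0.113.7 POST /login 200 40
198.51.100.2 POST /login 200 38
198.51.100.2 POST /login 200 52
198.51.100.2 POST /login 200 47
198.51.100.2 POST /login 200 61
198.51.100.2 POST /login 200 43
198.51.100.2 POST /login 200 45
198.51.100.9 GET /report 200 3900
198.51.100.9 GET /report 200 45
"""

def split_clusters(durations):
    """Split sorted latencies at the largest jump between neighbours."""
    d = sorted(durations)
    gap, i = max((b - a, i) for i, (a, b) in enumerate(zip(d, d[1:])))
    return d[: i + 1], d[i + 1 :], gap

def find_timing_oracles(log_text, min_requests=6, min_gap_ms=1000, max_spread_ms=200):
    """Return {(client, method, path): stats} for sources with two-cluster latency."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        client, method, path, _status, ms = line.split()
        groups[(client, method, path)].append(int(ms))
    findings = {}
    for key, durations in groups.items():
        if len(durations) < min_requests:
            continue  # too few samples to call a pattern
        fast, slow, gap = split_clusters(durations)
        # Each cluster must be tight: a fixed delay, not ordinary jitter.
        tight = all(c[-1] - c[0] <= max_spread_ms for c in (fast, slow))
        if gap >= min_gap_ms and min(len(fast), len(slow)) >= 2 and tight:
            findings[key] = {"fast": len(fast), "slow": len(slow), "gap_ms": gap}
    return findings
```

Cache hit/miss behaviour can produce the same two-cluster shape, so a finding is a lead to review alongside the request parameters and database slow-query log, not a verdict.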