Comment by hot_gril
2 months ago
"Blind" SQLi is a thing, but even in the real-life example I could find, it wasn't exactly blind. They could still use the timing to get one bit of info at a time and discern the email addresses. https://www.invokesec.com/2025/01/13/a-real-world-example-of...
It's hard to imagine a case where you can't even get info based on timing. But it requires more effort and knowledge to exploit this.