Task 2d): Why is "name='admin' AND password='123' OR sleep(5)" not correct?

0 votes
If the user admin has the password '123' we get a faster response, since we use short circuit evaluation. If it is not correct we first get a response 5 seconds after we made the request. Then we know admin does not have the password '123'. So we gained information whether admin has password='123' or not which is a type of information as stated in the task description !?
in ex07 by
edit history

1 Answer

0 votes

Adding brackets to indicate operator precedence, we get: [...] WHERE (name='admin' AND password='123') OR sleep(5)

So, while it is true that a correct guess for the admin password skips the sleep(5) function for that entry, the overall query also executes sleep(5) for every other user. Because the query always runs some amount of sleep(5), it does not reveal the information about the attacker password by itself.

by (860 points)
edit history