• somethingsomethingidk@lemmy.world
    8 months ago

    However, to exploit the flaw requires “a time-based blind approach” on the part of attackers to extract database information, which is “an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities,” according to Wordfence.

    I wouldn’t call that intricate. It’s pretty standard to try it since you get immediate feedback that you can inject SQL statements.