Sembra che il sito Web sia vulnerabile a un tipo speciale di iniezione sql chiamato SQL Injection cieco .
Specialmente
This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.
e
When the database does not output data to the web page, an attacker is forced to steal data by asking the database a series of true or false questions. This makes exploiting the SQL Injection vulnerability more difficult, but not impossible.
sono probabilmente pertinenti e illuminanti.
O come una persona più esperta di me avrebbe messo questo:
In other words, a lack of a response or a lag in a response can be a response itself. There are tools to make use of this and translate true/false answers into meaningful responses over the course of many requests.
On the other hand, a lag might still just be a lag; this is not guaranteed to be an injection.