MySQL sleep() attacks

MySQL sleep() command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting “AND sleep(3)” in the address bar… Happy SQL injection! Investigating PHP/MySQL sleep() attacks The other day I noticed several hung queries (SELECT statements) on one of the MySQL database servers under my control. All hung queries … Continue reading MySQL sleep() attacks