The write up certainly implies SQL injection but it seems pretty unlikely that's true. If the target of a DDOS also had a sqli vuln it's much more likely it'd be exploited directly. It's also very unlikely pastebin has an active sqli given their audience etc.
3 comments
[ 3.1 ms ] story [ 20.7 ms ] threadSQL injection and sending slow queries? Or hammering regular HTTP pages which run slow SQL queries (such as an unoptimised search)?