The /**/ is a comment syntax used to bypass simple security filters that might block spaces. How the Attack Works
sql server - What is this hacker trying to do? - Stack Overflow MEGA'and(select 1)>0waitfor/**/delay'0:0:2
: This likely targets a field in a web application where the input "MEGA" is expected. The trailing single quote ( ' ) is intended to "break out" of the application's intended SQL query. The /**/ is a comment syntax used to
This technique is called "blind" because the database doesn't return actual data or error messages to the attacker's screen. Instead, the attacker observes the of the website: The attacker sends the request. MEGA'and(select 1)>0waitfor/**/delay'0:0:2