Disclaimer: This information is for educational and defensive security purposes only. Testing for vulnerabilities without permission is illegal.
The application may not show direct SQL errors, but a notable delay in response time confirms the vulnerability. MEGA'/**/and(select'1'from/**/pg_sleep(0))::text>'0
Using pg_sleep(0) means zero delay, allowing an attacker to confirm the injection point without causing a noticeable, high-latency alert. MEGA'/**/and(select'1'from/**/pg_sleep(0))::text>'0