Skip to main content

blind-sql-injection

Blind SQL Injection

Blind SQL Injection

Blind SQL injection is a type of SQL injection attack where the attacker is able to manipulate a SQL query in a way that causes the database to behave differently, but the attacker does not receive direct feedback or error messages from the server. Since there is no visible output of the query, the attacker must infer information based on changes in the application's behavior, such as the page's response time, or whether the page loads differently.

Types of Blind SQL Injection

  1. Boolean-based blind SQL injection
  2. Time-based blind SQL injection
info

Boolean, error-based, out-of-band, and time-based will be added later.