What is Blind SQL Injection?

Blind SQL Injection is a type of SQL (Structured QueryLanguage)  injection attack that asks the database questions related to True Or False and then determines the answer based on the application's response. 

This attack is done when the application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL Injection. 

Sometimes when exploiting SQL Injection to a Web Application it shows error messages saying that the syntax of  SQL query is incorrect and Blind SQL is almost same as the normal SQL Injection.

In this case the only difference is the way of retrieving Data from the DATABASE. 


In case the database doesn't output the Data then the attacker has to force it out by asking the database a series of questions related to True  or False.


Now in the of Blind SQL Injection  the risk factor of a Web Application is the same as of normal SQL Injection. 

Here the attacker may verify the result of the request in various ways like :

• Content-Based

• Time -Based,etc....


                   - Thank You 

     All the best! 

             Stay Safe & Stay Secure 

              

           

Comments

Post a Comment

If you have any doubt or want to know something more or new,you are most welcome. Just let me know.

Popular posts from this blog

Cryptography in Cyber Security

Image
Crtpt - stands for hidden & graphy  - stands for writing. It is the process of protecting or securing a data or information with the help of codes.  Yes, the data gets stored in the form of codes such as : " 8b1a9953c4611296a827abf8c47804d7" Can you guess the actual word ? It's ' Hello'  similarly " 64ef07ce3e4b420c334227eecb3b3f4c " is the code or the hash for " Cryptography ". This technique is derived from some mathematical concepts . This process of crypting texts or the plain texts  into cipher text or the crypted text   is called Cryptography. If I give an example of Cryptography then WhatsApp will be the best to explain. Did you ever notice that after writing the first text to a person in WhatsApp at the top the message appears as "End-to-end encrypted". Hence it ensures you that " now your message is encrypted and is totally saved securely" , but in time when needed it can also be decrypted too.  This process of ...
Read more

What is SQL?

Image
SQL stands for  Structured Query Language also called See- Quel. This is a domain specific language used for programming and designed for managing data held in the relational database management system or simply the ( RDBMS ) and also for the stream processing in a Relational Database Management System or ,(RDBSMS). It is used for handling Structured Data. SQL consists of many types of statements which can be informally classed as Sublanguages : A Data Query Language, A Data Definition Language, A Data Control Language, and A Data Manipulation Language. The scope of SQL includes Data Query, Data Definition, Data Acess Control. SQL is a Declarative Language, it also includes procedural Elements.  The first relational language to be utilized in E.F.Codd's relational model was SQL. That model was described in his influential paper of the late 1970's.  Although it was not entirely adhered to the relational model described by E.F.Codd , it became the most widely used DATA...
Read more

What are VPNs?

    VPN stands for  Virtual Private Network . A VPN provides a secure & protected connection when connected to a network. It encrypts all the datas & disguise us with absolutely under a different identity with a different IP (Internet Protocol) address & Location. The encryption happens in  "Real Time".  It makes tracking parties more difficult to track you....   How  does a VPN  work? A VPN connection disguises your data traffic online and protects it from external access. Unencrypted data can be viewed by anyone who has network access and wants to see it. With a VPN, hackers and cyber criminals can’t decipher this data. Encryption:  To read the data, you need an  encryption key  . Without one, it would take millions of years for a computer to decipher the code in the event of a bruteforce attack. With the help of a VPN, your online activities are hidden even on public networks. Secure Data Transfer : If you work remote...
Read more