What is Blind SQL Injection?

News

Web Server Security

Phishing

Database Security

Application Server Security

Library

Vulnerability Archive

Secure Development

Web Services

Pen Test

AJAX

Application Firewalls

Main -> Questions

TOPIC'S

Advertising

Old News

About

Resume

Contact

FAQ

Irc

Links

Books

Demos

Papers

Downloads

Advisories

Contributions

Security Services

Submit News

Syndicated News

Hosting generously provided by

www.mv.com

What is Blind SQL Injection?

When an attacker executes SQL Injection attacks sometimes the server responds with error messages from the database server complaining that the SQL Query's syntax is incorrect. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements.

Additional information on SQL injection including useful articles and links can be found at our SQL Injection page below http://www.cgisecurity.com/development/sql.shtml

Also See 'SQL Injection'
What is SQL Injection?